Cisco GSS GUI-Based Global Server Load-Balancing Configuration Guide (Software Version 4.1(1))
Monitoring GSS Global Server Load-Balancing Operation


Table Of Contents

Monitoring GSS Global Server Load-Balancing Operation

Monitoring Global Server Load-Balancing Statistics from the CLI

Monitoring the Status of the Boomerang Server on a GSS

Monitoring the Status of the DNS Server on a GSS

Displaying Answer Statistics

Displaying Answer Statistics for all GSSs in the GSS Mesh

Displaying Answer Group Statistics

Displaying Domain Statistics

Displaying Domain List Statistics

Displaying Global Statistics

Displaying DNS Rule Proximity Statistics

Displaying DNS Rule Statistics

Displaying DNS Rule Statistics for all GSSs in the GSS Mesh

Displaying Source Address Statistics

Displaying Source Address List Statistics

Displaying DNS Rule Sticky Statistics

Monitoring the Status of the DRP Agent on a GSS

Monitoring DDoS Statistics on a GSS

Displaying DDoS Attack Statistics

Displaying DDoS Anti-Spoofing Statistics

Displaying DDoS Failed DNS Queries

Displaying DDoS Rate-Limit Values

Displaying the DDoS Running Configuration

Displaying DDoS Statistics

Displaying DDoS Status

Monitoring the Status of Keepalives on a GSS

Displaying CRA Keepalive Statistics

Displaying Global Keepalive Statistics

Displaying HTTP HEAD Keepalive Statistics

Displaying HTTPS HEAD Keepalive Statistics

Displaying ICMP Keepalive Statistics

Displaying KAL-AP Keepalive Statistics

Displaying Scripted Keepalive Statistics

Displaying Name Server Keepalive Statistics

Displaying TCP Keepalive Statistics

Monitoring Network Proximity Statistics on a GSS

Displaying DNS Rule Proximity Statistics

Displaying Proximity Database Statistics

Displaying Proximity Group Statistics

Displaying Proximity Lookup Statistics

Displaying Proximity Probe Transfer Statistics

Displaying Proximity Status

Displaying Proximity Group Configuration

Displaying Proximity Database Status

Monitoring DNS Sticky Statistics on a GSS

Displaying DNS Rule Sticky Statistics

Displaying Sticky Statistics

Displaying Global Sticky Statistics


Displaying Global Sticky Mesh Statistics

Displaying Sticky Group Statistics

Displaying the Sticky Status

Displaying the Sticky Database Status

Displaying the Global Sticky Operating Status

Displaying the Global Sticky Mesh Operating Status

Displaying Sticky Group Configuration

Clearing GSS Global Server Load-Balancing Statistics

Monitoring Global Load-Balancing Statistics from the Primary GSSM GUI

Monitoring Answer Status and Statistics

Monitoring Answer Hit Counts

Monitoring Answer Keepalive Statistics

Monitoring Answer Status

Monitoring DNS Rule Statistics

Monitoring Domain Hit Counts

Monitoring Global Statistics

Monitoring Source Address Statistics

Monitoring DDoS Statistics

Monitoring Traffic Management Statistics

Monitoring Proximity Rule Hit Count Statistics

Monitoring Proximity Database Statistics

Monitoring Proximity Lookup Statistics

Monitoring Proximity Probe Management Statistics

Monitoring Sticky Rule Hit Statistics

Monitoring Sticky Database Statistics

Monitoring Global Sticky Mesh Statistics


Monitoring GSS Global Server Load-Balancing Operation


This chapter describes the following tools for monitoring the status of global server load-balancing on your GSS network:

CLI-based commands that display the content routing and global server load-balancing statistics performed by a GSS device (primary GSSM, standby GSSM, and GSS device).

Monitor pages in the primary GSSM GUI that display the status of global server load-balancing activity for all GSS devices in your GSS network.

This chapter contains the following major sections:

Monitoring Global Server Load-Balancing Statistics from the CLI

Monitoring Global Load-Balancing Statistics from the Primary GSSM GUI

Monitoring Global Server Load-Balancing Statistics from the CLI

Each GSS device includes a comprehensive set of show statistics CLI commands to display content routing and load-balancing statistics for each major component involved in the GSS global server load-balancing operation. The GSS global server load-balancing components include boomerang (CRAs), DNS, and VIP keepalives. For example, you can use the show statistics dns command to view the traffic handled by a particular DNS rule, which matches a D-proxy to an answer, or to analyze the traffic to a particular hosted domain that is managed by a GSS.

You can also monitor advanced traffic management functions such as DNS sticky and network proximity for the GSS device.

The following topics provide detailed instructions about using the output of the various show statistics command options to monitor GSS global server load-balancing operation.

Monitoring the Status of the Boomerang Server on a GSS

Monitoring the Status of the DNS Server on a GSS

Monitoring the Status of the DRP Agent on a GSS

Monitoring DDoS Statistics on a GSS

Monitoring the Status of Keepalives on a GSS

Monitoring Network Proximity Statistics on a GSS

Monitoring DNS Sticky Statistics on a GSS

Clearing GSS Global Server Load-Balancing Statistics

Monitoring the Status of the Boomerang Server on a GSS

The boomerang server component uses calculations of network delay, provided by DNS races between CRAs, to determine which server is best able to respond to a given request. You use the show statistics boomerang command to view boomerang activity, such as DNS races, on your GSS device on a domain-by-domain basis or on a global basis.

The syntax of this command is as follows:

show statistics boomerang {domain domain_name | global}

The keywords and arguments are as follows:

domain—Displays statistics related to a named domain being served by the GSS.

domain_name—Name of the domain.

global—Displays statistics across the entire GSS network for the Boomerang server.

This example shows how to display statistics across the entire GSS network for the boomerang server:

gss1.yourdomain.com# show statistics boomerang global
Boomerang global statistics:
        Total races: 24
 
   

This example shows how to display boomerang statistics for a specific domain:

gss1.yourdomain.com# show statistics boomerang domain1
Domain statistics: (of domain1)
        DNS A requests: 

Monitoring the Status of the DNS Server on a GSS

The DNS server component tracks all DNS-related traffic to and from your GSS device, including information about DNS queries received, responses sent, queries dropped and forwarded. You use the show statistics dns command option to view DNS statistics about your GSS request routing and server load-balancing components such as DNS rules, answers, answer groups, domains, domain lists, proximity lookups by rule name or zone, source addresses, and source address groups.

When viewing the DNS answer group, domain list, or source address list statistics, you may specify the verbose option to view detailed statistics about each component of your DNS rules (for example, statistics for each answer that makes up an answer group or each domain that makes up a domain list).

This section contains the following topics:

Displaying Answer Statistics

Displaying Answer Statistics for all GSSs in the GSS Mesh

Displaying Answer Group Statistics

Displaying Domain Statistics

Displaying Domain List Statistics

Displaying Global Statistics

Displaying DNS Rule Proximity Statistics

Displaying DNS Rule Statistics

Displaying DNS Rule Statistics for all GSSs in the GSS Mesh

Displaying Source Address Statistics

Displaying Source Address List Statistics

Displaying DNS Rule Sticky Statistics

Displaying Answer Statistics

You display the accumulated hit count for each configured answer that responds to content queries by entering the show statistics dns answer command. The statistics also include the per-second average hit count calculated during the last minute, a 5-minute interval, a 30-minute interval, and a 4-hour interval.

The syntax of this command is as follows:

show statistics dns answer [list | verbose | answer_name]

The keywords and arguments are as follows:

list—(Optional) Lists the names of all answers configured for the GSS.

verbose—(Optional) Allows you to display detailed statistics for each answer. In addition to the information that displays when you do not use an optional keyword, the DNS name also displays.

answer_name—(Optional) Name of the answer for which you want to display statistics.

Table 11-1 describes the fields in the show statistics dns answer command output.

Table 11-1 Field Descriptions for show statistics dns answer Command 

| Field | Description |
|---|---|
| Answer | Name of the answer. Depending on the type of answer, the GSS displays the following: VIP address of the answer (VIP-type answer); interface or circuit address (CRA-type answer); IP address of the name server (Name Server-type answer). |
| Type | Resources to which the GSS resolves DNS requests. The answer types include VIP, CRA, or Name Server (NS). |
| Total Hits | Total number of hits for the configured answer since the GSS was last started or statistics cleared. |
| 1-Min | Averaged per second hit count for the answer, calculated during the last minute. |
| 5-Min | Averaged per second hit count for the answer, calculated during the last 5-minute interval. |
| 30-Min | Averaged per second hit count for the answer, calculated during the last 30-minute interval. |
| 4-Hr | Averaged per second hit count for the answer, calculated during the last 4-hour interval. |


Displaying Answer Statistics for all GSSs in the GSS Mesh

From the primary GSSM, you can display answer statistics for all of the online GSS devices in the GSS mesh by using the show statistics gss-mesh all dns answer command. For every online GSS, the primary GSSM displays the accumulated hit count for each configured answer that responds to content queries.

The syntax of this command is as follows:

show statistics gss-mesh all dns answer [type {cra | ns | vip}] [ip_address]

The keywords and arguments are as follows:

type—(Optional) Specifies statistics for one of the following answer types:

cra—Content routing agent answer type

ns—DNS name server answer type

vip—Virtual IP answer type

ip_address—(Optional) IP address of a specific GSS in the GSS mesh.

Table 11-2 describes the fields in the show statistics gss-mesh all dns answer command output.

Table 11-2 Field Descriptions for show statistics gss-mesh all dns answer Command 

| Field | Description |
|---|---|
| IP | IP address of the GSS in the GSS mesh. |
| Name | Answer name. |
| Type | Resources to which the GSS resolves DNS requests. The answer types include VIP, CRA, or Name Server (NS). |
| Status | Answer status. Possible states are as follows: Online—Indicates that the answer is online and can be used by any of the currently configured DNS rules. Offline—Indicates that the answer is offline and cannot be used by any of the currently configured DNS rules. Suspended—Indicates that the answer is administratively suspended and cannot be used by any of the currently configured DNS rules. Operational Suspend—Indicates that the GSS has suspended the answer because it was offline and the manual-reactivation option was enabled on the answer. For this state to display, you must have the global manual reactivation feature enabled on the primary GSSM. Unknown—Indicates that the primary GSSM was recently restarted and is waiting for an answer status from its peer GSS. |
| Hit Count | Total number of hits for the configured answer since the GSS was last started or statistics cleared. |


Displaying Answer Group Statistics

You display the total hit count for each configured answer group and the answers contained in the answer group by entering the show statistics dns answer-group command.

The syntax of this command is as follows:

show statistics dns answer-group {list | group_name [verbose]}

The keywords and arguments are as follows:

list—Lists the names of all answer groups configured for the GSS.

group_name—Name of the answer group for which you want to view statistics.

verbose—Allows you to view detailed statistics for each answer that makes up an answer group.

Table 11-3 describes the fields in the show statistics dns answer-group verbose command output.

Table 11-3 Field Descriptions for show statistics dns answer-group verbose Command 

| Field | Description |
|---|---|
| Total Hit Count | Accumulated hit count for the configured answer group since the GSS was last started. |
| Answer | Name of each answer in the answer group. Depending on the type of answer, the GSS displays the following: VIP address of the answer (VIP-type answer); interface or circuit address (CRA-type answer); IP address of the name server (Name Server-type answer). |
| Hit Count | Number of times that the answer has been selected or matched in the DNS rule when the GSS processes a DNS request. |
| Status | Indicates whether the answer is online (up) or offline (down). |


Displaying Domain Statistics

You display the accumulated hit count for each configured host domain by entering the show statistics dns domain command. The statistics also include the per-second average hit count calculated during the last minute, a 5-minute interval, a 30-minute interval, and a 4-hour interval.

The syntax of this command is as follows:

show statistics dns domain {list | domain_name}

The keywords and arguments are as follows:

list—Lists the names of all domains configured for the GSS.

domain_name—Name of the domain for which you want to view statistics.

Table 11-4 describes the fields in the show statistics dns domain command output.

Table 11-4 Field Descriptions for show statistics dns domain Command 

| Field | Description |
|---|---|
| Domain | Name of the hosted domain. |
| Total Hits | Total number of hits for the specified hosted domain since the GSS was last started. |
| 1-Min | Averaged per second hit count for the hosted domain, calculated during the last minute. |
| 5-Min | Averaged per second hit count for the hosted domain, calculated during the last 5-minute interval. |
| 30-Min | Averaged per second hit count for the hosted domain, calculated during the last 30-minute interval. |
| 4-Hr | Averaged per second hit count for the hosted domain, calculated during the last 4-hour interval. |


Displaying Domain List Statistics

You display the total accumulated hit count for each configured domain list by entering the show statistics dns domain-list command.

The syntax of this command is as follows:

show statistics dns domain-list {list | domain_list_name [verbose]}

The keywords and arguments are as follows:

list—Lists the names of all domains configured for the GSS.

domain_list_name—Specifies the name of the domain list for which you want to view statistics.

verbose—Allows you to view detailed statistics for each domain that makes up a domain list.

Table 11-5 describes the fields in the show statistics dns domain-list verbose command output.

Table 11-5 Field Descriptions for show statistics dns domain-list verbose Command

| Field | Description |
|---|---|
| Total Hit Count | Accumulated hit count for the hosted domain since the GSS was last started or statistics cleared. |
| Domain Name | Name of the hosted domain in the domain list. |
| Hit Count | Number of times that the hosted domain has been selected or matched in the DNS rule when the GSS processes a DNS request. |


Displaying Global Statistics

You display general DNS statistics for the GSS device in use by entering the show statistics dns global command.

The syntax of this command is as follows:

show statistics dns global

Table 11-6 describes the fields in the show statistics dns global command output.

Table 11-6 Field Descriptions for show statistics dns global Command 

| Field | Description |
|---|---|
| DnsQueriesRcvd | Total number of DNS queries received by the GSS from a requesting client D-proxy. |
| DnsHostAddrQueriesRcvd | Total number of host address queries received by the GSS from a requesting client D-proxy. |
| DnsResponsesSent | Total number of DNS responses sent by the GSS to a requesting client D-proxy. |
| DnsResponsesNoError | Total number of DNS responses sent by the GSS to a requesting client D-proxy without an error. |
| DnsResponsesErrors | Total number of DNS responses sent by the GSS to a requesting client D-proxy with an error. |
| DnsServfailRCode | DNS server failure return code. |
| DnsNxdomainRCode | DNS NX domain return code. |
| DnsNotimpRCode | DNS not implemented return code. |
| DnsRefusedRCode | DNS refused return code. |
| DnsQueriesUnmatched | Total number of unmatched DNS queries received by the GSS from a requesting client D-proxy. |
| DnsDrops | Total number of DNS queries dropped by the GSS. |
| DnsNSFWDSent | Total number of queries that do not match domains on any GSS domain lists and have been forwarded by the GSS to an external DNS name server for resolution. |
| DnsBoomServReqSent | Total number of requests sent by the boomerang server in the GSS to initiate a DNS race. |
| DnsNSFWDResponsesRcvd | Total number of queries that have been forwarded to the GSS to an external DNS name server for resolution. |
| DnsProxLkupReqSent | Total number of proximity lookup requests sent by the selector to the proximity subsystem. |
| DnsProxLkupRespRecd | Total number of proximity lookup requests received by the selector from the proximity subsystem. |
| DnsReqRatePerSecondCur | Current request rate per second that requests are made to the GSS to perform a DNS resolution. |
| DnsReqRatePerSecondPeak | Peak request rate per second that requests are made to the GSS to perform a DNS resolution. |
| DnsStickyLkupReqSent | Total number of sticky lookup requests sent by the selector to the sticky subsystem. |
| DnsStickyAddReqSent | Total number of requests for IP addresses sent by the selector to the sticky subsystem. |
| DnsStickyHit | Total number of successful sticky answer matches for the DNS rule. |
| DnsStickyMiss | Total number of times that the GSS was unable to provide the sticky answer for the DNS rule. |
| DnsSrcPortErrorUdp | Total number of UDP errors that occurred on the DNS source port. |
| DnsSrcPortErrorTcp | Total number of TCP errors that occurred on the DNS source port. |
| DnsPollSocketError | Total number of socket connection errors. |


Displaying DNS Rule Proximity Statistics

You display all proximity lookups by DNS rule name by entering the show statistics dns proximity rule command.


Note To clear proximity statistics related to the DNS server component of the GSS, use the clear statistics dns command. See the "Clearing GSS Global Server Load-Balancing Statistics" section for details.


The syntax of this command is as follows:

show statistics dns proximity rule

Table 11-7 describes the fields in the show statistics dns proximity rule command output.

Table 11-7 Field Descriptions for show statistics dns proximity rule Command

| Field | Description |
|---|---|
| Rule | Name of the matched DNS rule. |
| Proximity Hit Count | Number of DNS requests that match the DNS rule. |
| Proximity Success Count | Number of DNS responses successfully returned with a proximate answer for the DNS rule. |


Displaying DNS Rule Statistics

You display the total hit count and success count for each configured DNS rule by entering the show statistics dns rule command.

The syntax of this command is as follows:

show statistics dns rule [list | rule_name [verbose]]

The keywords and arguments are as follows:

list—(Optional) Lists the names of all DNS rules configured for the GSS.

rule_name—(Optional) Name of the DNS rule for which you want to display statistics.

verbose—(Optional) Allows you to display detailed statistics for the specified rule.

Table 11-8 describes the fields in the show statistics dns rule rule_name verbose command output.

Table 11-8 Field Descriptions for show statistics dns rule verbose Command 

| Field | Description |
|---|---|
| Total Hit Count | Accumulated hit count for the configured DNS rule since the GSS was last started. |
| Total Success Count | Accumulated number of successful answer matches for the DNS rule. |
| Clause | Number of the balance clause in the DNS rule. |
| Hit Count | Number of times that the DNS rule processed a DNS request. |
| Success Count | Number of successful answer matches for the DNS rule. |
| Status | Status of the clause. The possible states are as follows: Active—Indicates that the clause is active. Suspended—Indicates that the clause is administratively suspended. Operational Suspend—Indicates that the GSS has suspended the clause because it was offline and the manual-reactivation option was enabled on the clause. For this state to display, you must have the global manual reactivation feature enabled on the primary GSSM. |
| Id | Internal ID number of the answer in the DNS rule. |
| Address | Name of the answer. Depending on the type of answer, the GSS displays the following: VIP address of the answer (VIP-type answer); interface or circuit address (CRA-type answer); IP address of the name server (Name Server-type answer). |
| Hit Count | Number of times that the answer has been selected or matched in the DNS rule when the GSS processes a DNS request. |


Displaying DNS Rule Statistics for all GSSs in the GSS Mesh

From the primary GSSM, you can display rule statistics for all of the online GSS devices in the GSS mesh by using the show statistics gss-mesh all dns rule command. For every online GSS, the primary GSSM displays the total hit counts and success counts for each configured DNS rule.

The syntax of this command is as follows:

show statistics gss-mesh all dns rule [rule_name]

The optional rule_name argument is the name of the DNS rule for which you want to display statistics.

Table 11-9 describes the fields in the show statistics gss-mesh all dns rule command output.

Table 11-9 Field Descriptions for show statistics gss-mesh all dns rule Command 

| Field | Description |
|---|---|
| DNS rule name | Name of the DNS rule. |
| Total Hits | Accumulated hit count for the configured DNS rule since the GSS was last started. |
| Successful hits | Accumulated number of successful answer matches for the DNS rule. |


Displaying Source Address Statistics

You display the accumulated hit count for each configured source address by entering the show statistics dns source-address command. The statistics also include the per-second average hit count calculated during the last minute, a 5-minute interval, a 30-minute interval, and a 4-hour interval.

The syntax of this command is as follows:

show statistics dns source-address {list | sa_name}

The keywords and arguments are as follows:

list—Lists the names of all source addresses configured for the GSS.

sa_name—Name of the source address for which you want to view statistics.

Table 11-10 describes the fields in the show statistics dns source-address command output.

Table 11-10 Field Descriptions for show statistics dns source-address Command 

| Field | Description |
|---|---|
| Src Address | IP address or CIDR address block of the client DNS proxy. |
| Total Hits | Total number of hits for the source address since the GSS was last started or statistics cleared. |
| 1-Min | Averaged per second hit count for the source address, calculated during the last minute. |
| 5-Min | Averaged per second hit count for the source address, calculated during the last 5-minute interval. |
| 30-Min | Averaged per second hit count for the source address, calculated during the last 30-minute interval. |
| 4-Hr | Averaged per second hit count for the source address, calculated during the last 4-hour interval. |


Displaying Source Address List Statistics

You display the total hit count for each configured source address list by entering the show statistics dns source-address-list command. The statistics also include the last minute average, 5-minute average, 30-minute average, and 4-hour average of the hit counts.

The syntax of this command is as follows:

show statistics dns source-address-list {list | sa_list_name [verbose]}

The keywords and arguments are as follows:

list—Lists the names of all source addresses.

sa_list_name—Name of the source address list for which you want to view statistics.

verbose—Allows you to view detailed statistics for each name in the source address list.

Table 11-11 describes the fields in the show statistics dns source-address-list command output.

Table 11-11 Field Descriptions for show statistics dns source-address-list verbose Command 

| Field | Description |
|---|---|
| Total Hit Count | Accumulated hit count for the configured source address list since the GSS was last started or statistics cleared. |
| Source Address | IP address or CIDR address block of the client DNS proxy. |
| Hit Count | Number of times that the source address has been selected or matched in the DNS rule when the GSS processes a DNS request. |


Displaying DNS Rule Sticky Statistics

You display all DNS sticky lookups by DNS rule name by entering the show statistics dns sticky rule command.


Note To clear sticky statistics related to the DNS server component of the GSS, use the clear statistics dns command. See the "Clearing GSS Global Server Load-Balancing Statistics" section for details.


The syntax of this command is as follows:

show statistics dns sticky rule

Table 11-12 describes the fields in the show statistics dns sticky rule command output.

Table 11-12 Field Descriptions for show statistics dns sticky rule Command 

| Field | Description |
|---|---|
| Rule | Name of the matched DNS rule. |
| Sticky Hit Count | Total number of lookups in the sticky database for the DNS rule. |
| Sticky Success Count | Total number of successful sticky answer matches for the DNS rule. |


Monitoring the Status of the DRP Agent on a GSS

You monitor statistics on the Director Response Protocol (DRP) agent by entering the show statistics drpagent command.


Note To clear statistics related to the DRP agent component of the GSS, use the clear statistics drpagent command. See the "Clearing GSS Global Server Load-Balancing Statistics" section for details.


The syntax of this command is as follows:

show statistics drpagent

Table 11-13 describes the fields in the show statistics drpagent command output.

Table 11-13 Field Descriptions for show statistics drpagent Command 

| Field | Description |
|---|---|
| DRP agent enabled/disabled | Status of the DRP agent: enabled or disabled. |
| director requests | Number of director requests. |
| successful measured lookups | Number of successful DRP measure requests received by the DRP agent from all of the GSSs. |
| packet failures returned | Number of packet failures returned. |
| successful echos | Number of successful DRP echo requests (DRP keepalives) received by the DRP agent from all of the GSSs. |
| path-rtt probe source port | Source port of the path probe packets from the DRP agent. |
| path-rtt probe destination port | Destination port of the path probe packets from the DRP agent. |
| tcp-rtt probe source port | Source port of the TCP probe packets from the DRP agent. |
| tcp-rtt probe destination port | Destination port of the TCP probe packets from the DRP agent. |


Monitoring DDoS Statistics on a GSS

This section describes the procedures you need to follow to display DDoS statistics from the CLI and contains the following topics:

Displaying DDoS Attack Statistics

Displaying DDoS Anti-Spoofing Statistics

Displaying DDoS Failed DNS Queries

Displaying DDoS Rate-Limit Values

Displaying the DDoS Running Configuration

Displaying DDoS Statistics

Displaying DDoS Status

Displaying DDoS Attack Statistics

You display the DNS attacks detected by the GSS by entering the show ddos attacks command (from privileged EXEC mode) or the show attacks command (from ddos configuration mode).


Note Before enabling the ddos configuration mode, ensure that the DDoS license has already been installed on the GSS. For more details, see the Cisco Global Site Selector Administration Guide.



Note Only IPv4 traffic is supported.


The syntax of this command is as follows:

show [ddos] attacks

Table 11-14 describes the fields in the show [ddos] attacks command output.

Table 11-14 Field Descriptions for show [ddos] attacks Command 

| Field | Description |
|---|---|
| Total Attacks | Total number of DNS attacks detected by the GSS. |
| Reflection attack | Attack in which the IP address of the victim (that is, the GSS) is spoofed and multiple DNS requests are sent to a DNS server or multiple DNS servers posing as the victim. |
| Malformed DNS packet attacks | Attack in which the GSS is flooded with malformed DNS packets. |
| Failed Global Domain attacks | Failed domain counter provides a total for DNS queries that failed to match the global domain name. |
| Global Rate-limit exceeded attacks | Attack in which the maximum number of DNS requests that the GSS receives from the D-proxy per second exceeds the global limit. |


For example, enter:

gssm1.example.com(config-ddos)# show attacks

        Total Attacks                                   :0
                Reflection attack                       :0
                Malformed DNS packet attacks            :0
                Failed Global Domain attacks            :0
                Global Rate-limit exceeded attacks      :0
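
The attack counters above are running totals, so a monitoring job needs the change between two polls rather than the raw values. The following Python sketch is an added example (not part of the Cisco guide or the GSS software) that parses the `show attacks` output shown above and reports which attack classes rose between polls. It assumes the counters are cumulative and may drop back after a restart or a statistics clear; the second and third polls are constructed sample data.

```python
import re

# Counter names exactly as printed by `show attacks` in the example above.
ATTACK_FIELDS = (
    "Total Attacks",
    "Reflection attack",
    "Malformed DNS packet attacks",
    "Failed Global Domain attacks",
    "Global Rate-limit exceeded attacks",
)

# "name <tabs or spaces> :value"; captured output may pad names with tabs.
_LINE = re.compile(r"^\s*(?P<name>[^:]+?)\s*:\s*(?P<value>\d+)\s*$")


def parse_attacks(text):
    """Return {counter name: int} from `show attacks` output."""
    counters = {}
    for line in text.splitlines():
        match = _LINE.match(line)
        if match and match.group("name") in ATTACK_FIELDS:
            counters[match.group("name")] = int(match.group("value"))
    missing = [name for name in ATTACK_FIELDS if name not in counters]
    if missing:
        # Truncated capture: refuse to report partial numbers.
        raise ValueError(f"missing counters: {missing}")
    return counters


def attack_deltas(previous, current):
    """Increase of every counter between two polls."""
    deltas = {}
    for name in ATTACK_FIELDS:
        diff = current[name] - previous[name]
        # Assumption: a lower value means the counter restarted from zero,
        # so the current value is the increase since that reset.
        deltas[name] = diff if diff >= 0 else current[name]
    return deltas


def rising_attack_classes(previous, current):
    """(name, increase) pairs for attack classes that grew, largest first."""
    deltas = attack_deltas(previous, current)
    grown = [(n, d) for n, d in deltas.items() if d > 0 and n != "Total Attacks"]
    return sorted(grown, key=lambda pair: -pair[1])


def make_sample(values):
    """Build `show attacks` output in the page's layout from five values."""
    body = [f"\t{name}\t\t\t:{value}" for name, value in zip(ATTACK_FIELDS, values)]
    return "\n".join(["gssm1.example.com(config-ddos)# show attacks", " "] + body)


POLL_1 = make_sample((0, 0, 0, 0, 0))       # values shown on this page
POLL_2 = make_sample((57, 0, 12, 45, 0))    # constructed: later poll
POLL_3 = make_sample((4, 0, 4, 0, 0))       # constructed: poll after a reset

if __name__ == "__main__":
    first, second = parse_attacks(POLL_1), parse_attacks(POLL_2)
    for name, increase in rising_attack_classes(first, second):
        print(f"{name}: +{increase} since last poll")
```
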

Displaying DDoS Anti-Spoofing Statistics

You display the spoofed and trusted D-proxies on the GSS by entering the show ddos dproxy command (from privileged EXEC mode) or the show dproxy command (from ddos configuration mode).


Note Before enabling the ddos configuration mode, ensure that the DDoS license has already been installed on the GSS. For more details, see the Cisco Global Site Selector Administration Guide.


The syntax of this command is as follows:

show [ddos] dproxy [ipaddress | spoofed | trusted]

The keywords and arguments are as follows:

ipaddress—D-proxy IP address.

spoofed—Shows the spoofed D-proxies.

trusted—Shows the trusted D-proxies.

Table 11-15 describes the fields in the show [ddos] dproxy command output.

Table 11-15 Field Descriptions for show [ddos] dproxy Command

| Field | Description |
|---|---|
| Dproxy Address | IP address of the D-proxy. |
| Spoofed/Nonspoofed | Spoofed or nonspoofed D-proxy. |
| Drops | Number of dropped packets due to anti-spoofing failure. |


For example, enter:

gssm1.example.com# show ddos dproxy 16.1.1.11

        DPROXY ADDRESS          SPOOFED/NONSPOOFED      DROPS
        ----------              ------                  ---------------
        16.1.1.11               Spoofed                 3

Displaying DDoS Failed DNS Queries

You display the following by entering the show ddos failed-dns command (from privileged EXEC mode) or the show failed-dns command (from ddos configuration mode):

The last x number of domain names that caused failed DNS queries at the GSS

The number of failed DNS queries per D-proxy

Failed DNS queries refer to DNS queries for a domain that is not configured on the GSS.


Note Before enabling the ddos configuration mode, ensure that the DDoS license has already been installed on the GSS. For more details, see the Cisco Global Site Selector Administration Guide.


The syntax of this command is as follows:

show [ddos] failed-dns [failed-domains | global-domain-rules | gslb-rules]

The keywords and arguments are as follows:

failed-domains—Shows the failed domain names due to a GSLB-rule mismatch.


Note Even if DDoS is disabled, you can use this option to list the failed domain names due to the GSLB-rule mismatch. The list is updated even if DDoS is disabled.


global-domain-rules—Shows the number of failures due to a global domain mismatch.

gslb-rules—Shows the number of failures due to a GSLB-rule mismatch.

Table 11-16 describes the fields in the show [ddos] failed-dns command output.

Table 11-16 Field Description for show [ddos] failed-dns Command 

| Field | Description |
|---|---|
| Global domain check drops | Number of dropped packets as a result of a global domain name check. |
| Dproxy Address | IP address of the D-proxy. |
| Number of Failed DNS queries | Number of failed DNS queries as a result of a GSLB-rule check. |


For example, enter:

gssm1.example.com# show ddos failed-dns failed-domains
www.test.com
www.test.com
www.example.com

gssm1.example.com# show ddos failed-dns global-domain-rules
Global domain check drops                       :4

gssm1.example.com# show ddos failed-dns gslb-rules
        DPROXY ADDRESS          NUMBER OF FAILED DNS QUERIES
        ----------              ----------------------------
        16.1.1.14               0
        16.1.1.13               0
        16.1.1.11               0
        16.1.1.12               0

Displaying DDoS Rate-Limit Values

You display the rate limits per D-proxy and the number of packets dropped per source by entering the show ddos rate-limit command (from privileged EXEC mode) or the show rate-limit command (from ddos configuration mode).

The syntax of this command is as follows:

show [ddos] rate-limit [ipaddress | global | unknown]

The keywords and arguments are as follows:

ipaddress—IP address of the D-proxy.

global—Specifies the global rate-limit on the GSS.

unknown—Specifies the unknown D-proxy rate limit on the GSS.

Table 11-17 describes the fields in the show [ddos] rate-limit command output.

Table 11-17 Field Descriptions for show [ddos] rate-limit Command

Field
Description

Dproxy Address

IP address of the D-proxy.

Rate-limit

Maximum number of DNS requests that the GSS can receive from a D-proxy per second.

Applied Rate Limit

This value is based on the following:

rate-limit * scaling factor/100

Drops

Number of packets dropped because of the rate-limit.


For example, enter:

gssm1.example.com# show ddos rate-limit 16.1.1.11
 
   
	Dproxy Address					Rate-limit			Applied Rate Limit 				 		Drops
	----------					------			---------------						-----
	16.1.1.11					0			1200	0					0

Displaying the DDoS Running Configuration

You display the contents of the DDoS running configuration file by entering the show ddos-config command (from privileged EXEC or ddos configuration mode).

The syntax of this command is as follows:

show ddos-config

Table 11-18 describes the fields in the show ddos-config command output.

Table 11-18 Field Descriptions for show ddos-config Command 

Field
Description

enable

DDoS detection and mitigation module status, enabled or disabled.

rate-limit global

Global rate limit configured on the GSS.

tolerance factor

Helps determine the rate limit.

peacetime database

Peacetime database identifier.

global domain

Global domain name identifier.

dproxy trusted

D-proxy added or deleted from a trusted D-proxy database.

mitigation-rule response enable

Enables mitigation rules for the following DNS responses:

Packets are dropped with a source port other than 53 and QR bit of 1 (response) when responses come from a source port other than 53.

Packets are dropped with a destination port of 53 and a QR bit of 1 (response) when responses come to port 53.

mitigation-rule request enable

Enables mitigation rules for DNS requests in which packets are dropped with a source port equal to 53, but less than 1024, and a QR bit of 0 (request).


For example, enter:

gssm1.example.com# show ddos-config
ddos
	enable
	rate-limit global 10000
	tolerance-factor dproxy 2
	peacetime database abc
	global domain www.level1.com
	dproxy trusted 16.1.1.13
	dproxy trusted 16.1.1.14
	rate-limit 16.1.1.12 40
	rate-limit 16.1.1.12 40
	rate-limit 16.1.1.11 40
	mitigation-rule response enable
	mitigation-rule request enable
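The following Python example is added here and is not Cisco code: it parses show ddos-config output in the layout shown above and reports settings worth a second look (module not enabled, a mitigation rule not listed, an unparseable address, a repeated statement). It assumes that a setting absent from the output is not in effect; the second configuration is constructed for illustration.

```python
import ipaddress
from collections import Counter

# Output copied from the show ddos-config example on this page.
PAGE_CONFIG = """\
gssm1.example.com# show ddos-config
ddos
    enable
    rate-limit global 10000
    tolerance-factor dproxy 2
    peacetime database abc
    global domain www.level1.com
    dproxy trusted 16.1.1.13
    dproxy trusted 16.1.1.14
    rate-limit 16.1.1.12 40
    rate-limit 16.1.1.12 40
    rate-limit 16.1.1.11 40
    mitigation-rule response enable
    mitigation-rule request enable
"""

# Constructed configuration (not real device output) with several gaps.
WEAK_CONFIG = """\
ddos
    rate-limit global 10000
    dproxy trusted 16.1.1.300
    mitigation-rule response enable
"""


def parse_ddos_config(text):
    """Return the statements that follow the 'ddos' line, whitespace-normalised."""
    statements, in_block = [], False
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if line == "ddos":
            in_block = True          # everything before this (the prompt) is skipped
        elif in_block and line:
            statements.append(line)
    return statements


def summarize_config(statements):
    """Turn the statements into a dictionary keyed by the fields of Table 11-18."""
    cfg = {"enabled": False, "global_rate_limit": None, "dproxy_rate_limits": {},
           "trusted_dproxies": [], "mitigation_rules": set(), "invalid": []}
    for stmt in statements:
        parts = stmt.split()
        try:
            if parts == ["enable"]:
                cfg["enabled"] = True
            elif parts[:2] == ["rate-limit", "global"] and len(parts) == 3:
                cfg["global_rate_limit"] = int(parts[2])
            elif parts[0] == "rate-limit" and len(parts) == 3:
                addr = str(ipaddress.ip_address(parts[1]))
                cfg["dproxy_rate_limits"][addr] = int(parts[2])
            elif parts[:2] == ["dproxy", "trusted"] and len(parts) == 3:
                cfg["trusted_dproxies"].append(str(ipaddress.ip_address(parts[2])))
            elif parts[0] == "mitigation-rule" and parts[2:] == ["enable"]:
                cfg["mitigation_rules"].add(parts[1])
        except ValueError:           # bad IP address or non-numeric limit
            cfg["invalid"].append(stmt)
    return cfg


def audit(text):
    """Return a list of findings for one show ddos-config capture."""
    statements = parse_ddos_config(text)
    cfg = summarize_config(statements)
    findings = []
    if not cfg["enabled"]:
        findings.append("ddos: no 'enable' statement")
    for rule in ("response", "request"):
        if rule not in cfg["mitigation_rules"]:
            findings.append(f"mitigation-rule {rule} is not enabled")
    for stmt in cfg["invalid"]:
        findings.append(f"unparseable value: {stmt}")
    for stmt, count in Counter(statements).items():
        if count > 1:
            findings.append(f"statement repeated {count}x: {stmt}")
    return findings


if __name__ == "__main__":
    for name, text in (("page example", PAGE_CONFIG), ("constructed", WEAK_CONFIG)):
        print(name, audit(text) or "no findings")
```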

Displaying DDoS Statistics

You display DDoS statistics by entering the show statistics ddos command (from privileged EXEC mode), or the show statistics command (from ddos configuration mode).


Note Clear statistics related to the DDoS detection and mitigation component of the GSS by entering the clear statistics ddos command. See the "Clearing GSS Global Server Load-Balancing Statistics" section for details.


The syntax of this command is as follows:

show statistics [ddos] [attacks | global]

The keywords and arguments are as follows:

attacks—Displays attack statistics.

global—Displays global statistics.

Table 11-19 describes the fields in the show statistics ddos attacks command output.

Table 11-19 Field Descriptions for show statistics ddos attacks Command 

Field
Description

Total Attacks

Total number of DDoS attacks on the GSS.

Reflection attacks

Attack in which the IP address of the victim (that is, the GSS) is spoofed and multiple DNS requests are sent to a DNS server or multiple DNS servers posing as the victim.

Malformed DNS packet attacks

Attack in which the GSS is flooded with malformed DNS packets.

Failed Global Domain attacks

Attack in which the GSS is flooded with DNS queries that fail the global domain check.

Global Rate-limit exceeded attacks

Attack in which the global rate-limit threshold has been exceeded.


For example, enter:

gssm1.example.com# show statistics ddos attacks
	Total Attacks						:0
		Reflection attack				:0
		Malformed DNS packet attacks			:0
		Failed Global Domain attacks			:0
		Global Rate-limit exceeded attacks		:0

Table 11-20 describes the fields in the show statistics ddos global command output.

Table 11-20 Field Descriptions for show statistics ddos global Command 

Field
Description

Total packets received

Packets received and handled by the GSS. The Total packets received counter is the sum of the legitimate counter and the malicious counter.

Total packets dropped

Packets that were identified by the GSS DDoS protection and mitigation functions as part of an attack and dropped.

Total Anti-spoofing triggered

Total number of packets that triggered the GSS anti-spoofing mechanism.

Total Validated DNS requests

Total number of packets successfully identified as part of an anti-spoofing attack.

Rate-limit drops

Packets that were identified by the GSS DDoS protection and mitigation rate-limiting functions as part of an attack and dropped. The rate limit is the maximum number of DNS requests that the GSS can receive from the D-proxy per second.

Global Rate-limit drops

Packets that were identified by the GSS DDoS protection and mitigation global rate-limiting function as part of an attack and dropped.

Unknown dproxies drops

A D-proxy that has not been classified as spoofed or non-spoofed by the DDoS protection and mitigation function is unknown. The DDoS function starts anti-spoofing for an unknown D-proxy. If the number of packets from unknown D-proxies exceeds the specified rate limit, the unknown drops start.

Spoofed packet drops

Packets that were identified by the GSS DDoS protection and mitigation anti-spoofing functions as part of an attack and dropped.

Malformed packet drops

Packets that were identified by the GSS DDoS protection and mitigation functions as a malformed packet and dropped.

Mitigation rules drops

Packets that were identified by the GSS DDoS protection and mitigation functions as violating mitigation rules and dropped.

Global domain name drops

Packets that were identified by the GSS DDoS protection and mitigation functions as a global domain name and dropped.

Ongoing anti-spoofing drops

Packets that were identified by the GSS DDoS protection and mitigation anti-spoofing functions as part of an ongoing attack and dropped.


For example, enter:

gssm1.example.com# show statistics ddos global
	Total packets received				:6
	Total packets dropped				:2

	Total Anti-Spoofing triggered			:0
	Total Validated DNS requests			:0

	Dropped Packets Statistics:
	-----------------------------
	Rate limit drops				:0
	Global Rate limit drops				:0
	Unknown dproxies drops				:0
	Spoofed packet drops				:2
	Malformed packet drops				:0
	Mitigation rule drops				:0
	Global domain drops				:0
	Ongoing anti-spoofing drops			:0
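The following Python example is added here and is not Cisco code: it parses show statistics ddos global output in the layout shown above and compares two captures, so that a monitoring job can report how many packets were dropped in the interval and by which mechanism. The later capture is constructed; the 0.5 drop-ratio threshold, and the reading that the per-category counters add up to Total packets dropped (true of the example above), are assumptions rather than statements from this guide.

```python
import re

# Output copied from the example on this page (whitespace normalised).
PAGE_SNAPSHOT = """\
gssm1.example.com# show statistics ddos global
    Total packets received          :6
    Total packets dropped           :2

    Total Anti-Spoofing triggered   :0
    Total Validated DNS requests    :0

    Dropped Packets Statistics:
    -----------------------------
    Rate limit drops                :0
    Global Rate limit drops         :0
    Unknown dproxies drops          :0
    Spoofed packet drops            :2
    Malformed packet drops          :0
    Mitigation rule drops           :0
    Global domain drops             :0
    Ongoing anti-spoofing drops     :0
"""

# Constructed later capture (not real device output), same layout.
LATER_SNAPSHOT = """\
    Total packets received          :5006
    Total packets dropped           :4102
    Total Anti-Spoofing triggered   :4000
    Total Validated DNS requests    :900
    Rate limit drops                :100
    Global Rate limit drops         :0
    Unknown dproxies drops          :2
    Spoofed packet drops            :4000
    Malformed packet drops          :0
    Mitigation rule drops           :0
    Global domain drops             :0
    Ongoing anti-spoofing drops     :0
"""

# "<counter name> :<integer>"; the prompt, the sub-heading and the rule line do not match.
_COUNTER = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)\s*:\s*(\d+)\s*$")


def parse_ddos_global(text):
    """Map lower-cased counter names to integer values."""
    counters = {}
    for line in text.splitlines():
        match = _COUNTER.match(line)
        if match:
            counters[match.group(1).lower()] = int(match.group(2))
    return counters


def drop_breakdown(counters):
    """Per-mechanism drop counters: every counter whose name ends in 'drops'."""
    return {name: value for name, value in counters.items() if name.endswith("drops")}


def unaccounted_drops(counters):
    """Total packets dropped minus the sum of the per-mechanism counters."""
    return counters["total packets dropped"] - sum(drop_breakdown(counters).values())


def summarize(previous, current, drop_ratio_alert=0.5):
    """Report what happened between two captures of the cumulative counters."""
    # A counter that went down means the statistics were cleared in between
    # (clear statistics ddos); the current values are then the whole interval.
    cleared = any(current.get(name, 0) < value for name, value in previous.items())
    if cleared:
        delta = dict(current)
    else:
        delta = {name: value - previous.get(name, 0) for name, value in current.items()}
    received = delta.get("total packets received", 0)
    dropped = delta.get("total packets dropped", 0)
    ratio = dropped / received if received else 0.0
    by_mechanism = drop_breakdown(delta)
    top = max(by_mechanism, key=by_mechanism.get) if any(by_mechanism.values()) else None
    return {
        "counters_cleared": cleared,
        "received": received,
        "dropped": dropped,
        "drop_ratio": ratio,
        "top_drop_category": top,
        "alert": ratio >= drop_ratio_alert,
    }


if __name__ == "__main__":
    before = parse_ddos_global(PAGE_SNAPSHOT)
    after = parse_ddos_global(LATER_SNAPSHOT)
    print(summarize(before, after))
```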

Displaying DDoS Status

You display the status of the DDoS detection and mitigation module by entering the show ddos status command (from privileged EXEC mode) or the show status command (from ddos configuration mode).

The syntax of this command is as follows:

show [ddos] status

Table 11-21 describes the field in the show ddos status command output.

Table 11-21 Field Description for show [ddos] status Command

Field
Description

DDoS Status

Status of the DDoS detection and mitigation module in the GSS, either enabled or disabled.


For example, enter:

gss1.yourdomain.com# show ddos status
DDoS Status	: Disabled

Monitoring the Status of Keepalives on a GSS

The keepalive engine on each GSS device monitors the current online status of the configured keepalives managed by the GSS. You can view statistics for all keepalive types on your network, or limit statistics to a specific keepalive type, such as CRA, HTTP HEAD, ICMP, KAL-AP, name server, or TCP.

You use the show statistics keepalive command option to view statistics about the health of your GSS keepalives globally or by keepalive type.

This section contains the following topics:

Displaying CRA Keepalive Statistics

Displaying Global Keepalive Statistics

Displaying HTTP HEAD Keepalive Statistics

Displaying HTTPS HEAD Keepalive Statistics

Displaying ICMP Keepalive Statistics

Displaying KAL-AP Keepalive Statistics

Displaying Scripted Keepalive Statistics

Displaying Name Server Keepalive Statistics

Displaying TCP Keepalive Statistics

Displaying CRA Keepalive Statistics

You display statistics for configured content routing agent (CRA) keepalive types managed by the GSS and used with boomerang-type answers by using the show statistics keepalive cra command.

The syntax of this command is as follows:

show statistics keepalive cra {ip_address | all | list}

The keywords and arguments are as follows:

ip_address—IP address to display keepalive statistics. You can only use an IPv4 address.

all—Displays all configured CRA-type keepalives.

list—Lists all available IP addresses.

Table 11-22 describes the fields in the show statistics keepalive cra all command output.

Table 11-22 Field Descriptions for show statistics keepalive cra all Command 

Field
Description

IP

IP address of the answer resource probed by the GSS.

Keepalive

Name assigned to the answer.

Status

State of the keepalive. The possible states are Online, Offline, Init, and Suspended.

One Way Delay

One-way delay time, in milliseconds, used by the GSS to calculate a static round-trip time (RTT), with the one-way delay constituting one-half of the round-trip time that is used for all DNS races involving this answer.

Packets Sent

Total number of keepalive packets sent to the answer by the GSS.

Packets Received

Total number of keepalive packets received by the GSS from the answer.

Positive Probe

Total number of keepalive probes sent to the answer that resulted in a positive (OK) response.

Negative Probe

Total number of keepalive probes sent to the answer that resulted in a negative response.

Transitions

Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive.

GID

Global ID number used by the GSS.

LID

Local ID number used by the GSS.


Displaying Global Keepalive Statistics

You display all keepalive statistics managed by the GSS device by using the show statistics keepalive global command.

The syntax of this command is as follows:

show statistics keepalive global

Table 11-23 describes the fields in the show statistics keepalive global command output.

Table 11-23 Field Descriptions for show statistics keepalive global Command 

Field
Description

ICMP Probe Success Count

Number of ICMP queries sent to the answer that resulted in a successful response.

ICMP Probe Failure Count

Number of ICMP queries sent to the answer that resulted in a failure.

ICMP 'echo request' packets sent

Number of ICMP echo request messages sent to the answer.

ICMP 'echo reply' packets received

Number of ICMP echo reply messages received by the GSS from the answer.

Configured ICMP Probe Count

Number of configured ICMP probes sent to the answer.

ONLINE ICMP Probe Count

Number of ICMP probes sent to the answer that returned an Online state for the keepalive.

OFFLINE ICMP Probe Count

Number of ICMP probes sent to the answer that returned an Offline state for the keepalive.

SUSPENDED ICMP Probe Count

Number of ICMP probes sent to the answer that returned a Suspended state for the keepalive.

INIT ICMP Probe Count

Number of ICMP probes sent to the answer that returned an Init state for the keepalive.

DNS Probe Success Count

Number of DNS request probes sent by the GSS that resulted in a successful response.

DNS Probe Failure Count

Number of DNS request probes sent by the GSS that resulted in a failure.

DNS packets sent

Number of DNS request packets sent by the GSS.

DNS packets received

Number of DNS request packets received by the GSS.

Configured DNS Probe Count

Number of DNS request probes sent by the GSS.

ONLINE DNS Probe Count

Number of DNS request probes sent that returned an Online state for the keepalive.

OFFLINE DNS Probe Count

Number of DNS request probes that returned an Offline state for the keepalive.

SUSPENDED DNS Probe Count

Number of DNS request probes sent that returned a Suspended state for the keepalive.

INIT DNS Probe Count

Number of DNS request probes sent that returned an Init state for the keepalive.

KAL-AP Probe Success Count

Number of KAL-AP queries sent to the answer that resulted in a successful response.

KAL-AP Probe Failure Count

Number of KAL-AP queries sent to the answer that resulted in a failure.

KAL-AP packets sent

Number of KAL-AP packets sent to the answer.

KAL-AP packets received

Number of KAL-AP packets received by the GSS from the answer.

Configured KAL-AP Probe Count

Number of configured KAL-AP probes sent to the answer.

ONLINE KAL-AP Probe Count

Number of KAL-AP probes sent to the answer that returned an Online state for the keepalive.

OFFLINE KAL-AP Probe Count

Number of KAL-AP probes sent to the answer that returned an Offline state for the keepalive.

SUSPENDED KAL-AP Probe Count

Number of KAL-AP probes sent to the answer that returned a Suspended state for the keepalive.

INIT KAL-AP Probe Count

Number of KAL-AP probes sent to the answer that returned an Init state for the keepalive.

CRA Probe Success Count

Number of CRA queries sent to the answer that resulted in a successful response.

CRA Probe Failure Count

Number of CRA queries sent to the answer that resulted in a failure.

CRA packets sent

Number of CRA packets sent to the answer.

CRA packets received

Number of CRA packets received by the GSS from the answer.

Configured CRA Probe Count

Number of configured CRA probes sent to the answer.

ONLINE CRA Probe Count

Number of CRA probes sent to the answer that returned an Online state for the keepalive.

OFFLINE CRA Probe Count

Number of CRA probes sent to the answer that returned an Offline state for the keepalive.

SUSPENDED CRA Probe Count

Number of CRA probes sent to the answer that returned a Suspended state for the keepalive.

INIT CRA Probe Count

Number of CRA probes sent to the answer that returned an Init state for the keepalive.

HTTP-HEAD Probe Success Count

Number of HTTP-HEAD queries sent to the answer that resulted in a successful response.

HTTP-HEAD Probe Failure Count

Number of HTTP-HEAD queries sent to the answer that resulted in a failure.

HTTP-HEAD packets sent

Number of HTTP-HEAD packets sent to the answer.

HTTP-HEAD packets received

Number of HTTP-HEAD packets received by the GSS from the answer.

Configured HTTP-HEAD Probe Count

Number of configured HTTP-HEAD probes sent to the answer.

ONLINE HTTP-HEAD Probe Count

Number of HTTP-HEAD probes sent to the answer that returned an Online state for the keepalive.

OFFLINE HTTP-HEAD Probe Count

Number of HTTP-HEAD probes sent to the answer that returned an Offline state for the keepalive.

SUSPENDED HTTP-HEAD Probe Count

Number of HTTP-HEAD probes sent to the answer that returned a Suspended state for the keepalive.

INIT HTTP-HEAD Probe Count

Number of HTTP-HEAD probes sent to the answer that returned an Init state for the keepalive.

HTTPS-HEAD Probe Success Count

Number of HTTPS-HEAD queries sent to the answer that resulted in a successful response.

HTTPS-HEAD Probe Failure Count

Number of HTTPS-HEAD queries sent to the answer that resulted in a failure.

HTTPS-HEAD packets sent

Number of HTTPS-HEAD packets sent to the answer.

HTTPS-HEAD packets received

Number of HTTPS-HEAD packets received by the GSS from the answer.

Configured HTTPS-HEAD Probe Count

Number of configured HTTPS-HEAD probes sent to the answer.

ONLINE HTTPS-HEAD Probe Count

Number of HTTPS-HEAD probes sent to the answer that returned an Online state for the keepalive.

OFFLINE HTTPS-HEAD Probe Count

Number of HTTPS-HEAD probes sent to the answer that returned an Offline state for the keepalive.

SUSPENDED HTTPS-HEAD Probe Count

Number of HTTPS-HEAD probes sent to the answer that returned a Suspended state for the keepalive.

INIT HTTPS-HEAD Probe Count

Number of HTTPS-HEAD probes sent to the answer that returned an Init state for the keepalive.

TCP Probe Success Count

Number of TCP queries sent to the answer that resulted in a successful response.

TCP Probe Failure Count

Number of TCP queries sent to the answer that resulted in a failure.

TCP packets sent

Number of TCP packets sent to the answer.

TCP packets received

Number of TCP packets received by the GSS from the answer.

Configured TCP Probe Count

Number of configured TCP probes sent to the answer.

ONLINE TCP Probe Count

Number of TCP probes sent to the answer that returned an Online state for the keepalive.

OFFLINE TCP Probe Count

Number of TCP probes sent to the answer that returned an Offline state for the keepalive.

SUSPENDED TCP Probe Count

Number of TCP probes sent to the answer that returned a Suspended state for the keepalive.

INIT TCP Probe Count

Number of TCP probes sent to the answer that returned an Init state for the keepalive.

Total Configured Probe Count

Total number of configured keepalive probes.


Displaying HTTP HEAD Keepalive Statistics

You display statistics for configured HTTP HEAD keepalive types managed by the GSS and used with VIP-type answers by using the show statistics keepalive http-head command.

The syntax of this command is as follows:

show statistics keepalive http-head {ip_address | all | list}

The keywords and arguments are as follows:

ip_address—IP address to display keepalive statistics. Enter either an IPv4 or an IPv6 IP address.

all—Displays all configured HTTP HEAD-type keepalives.

list—Lists all available IP addresses.

Table 11-24 describes the fields in the show statistics keepalive http-head all command output.

Table 11-24 Field Descriptions for show statistics keepalive http-head all Command 

Field
Description

IP

IP address of the answer resource probed by the GSS.

Keepalive

IP address of the keepalive target.

Status

State of the keepalive. The possible states are Online, Offline, Init, and Suspended.

Keepalive Type

Standard or Fast KAL-AP keepalive transmission rate used to define the failure detection time for the GSS.

Destination Port

Port on the remote device receiving the HTTP HEAD-type keepalive request from the GSS.

HTTP Path

Default path that is relative to the server website being queried in the HTTP HEAD request.

Host Tag

Domain name that is sent to the VIP as part of the HTTP HEAD query in the Host tag field of the shared keepalive configuration.

Packets Sent

Total number of keepalive packets sent to the answer by the GSS.

Packets Received

Total number of keepalive packets received by the GSS from the answer.

Positive Probe

Total number of keepalive probes sent to the answer that resulted in a positive (OK) response.

Negative Probe

Total number of keepalive probes sent to the answer that resulted in a negative response.

Transitions

Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive.

GID

Global ID number used by the GSS.

LID

Local ID number used by the GSS.


Displaying HTTPS HEAD Keepalive Statistics

You display statistics for configured HTTPS HEAD keepalive types managed by the GSS and used with VIP-type answers by using the show statistics keepalive https-head command.

The syntax of this command is as follows:

show statistics keepalive https-head {ip_address | all | list}

The keywords and arguments are as follows:

ip_address—IP address to display keepalive statistics. Enter either an IPv4 or an IPv6 IP address.

all—Displays all configured HTTPS HEAD-type keepalives.

list—Lists all available IP addresses.

Table 11-25 describes the fields in the show statistics keepalive https-head all command output.

Table 11-25 Field Descriptions for show statistics keepalive https-head all Command 

Field
Description

IP

IP address of the answer resource probed by the GSS.

Keepalive

IP address of the keepalive target.

Status

State of the keepalive. The possible states are Online, Offline, Init, and Suspended.

Keepalive Type

Standard or Fast KAL-AP keepalive transmission rate used to define the failure detection time for the GSS.

Destination Port

Port on the remote device receiving the HTTPS HEAD-type keepalive request from the GSS.

HTTPS Path

Default path that is relative to the server website being queried in the HTTPS HEAD request.

Host Tag

Domain name that is sent to the VIP as part of the HTTPS HEAD query in the Host tag field of the shared keepalive configuration.

Packets Sent

Total number of keepalive packets sent to the answer by the GSS.

Packets Received

Total number of keepalive packets received by the GSS from the answer.

Positive Probe

Total number of keepalive probes sent to the answer that resulted in a positive (OK) response.

Negative Probe

Total number of keepalive probes sent to the answer that resulted in a negative response.

Transitions

Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive.

GID

Global ID number used by the GSS.

LID

Local ID number used by the GSS.


Displaying ICMP Keepalive Statistics

You display statistics for configured ICMP keepalive types managed by the GSS and used with VIP-type answers by using the show statistics keepalive icmp command.

The syntax of this command is as follows:

show statistics keepalive icmp {ip_address | all | list}

The keywords and arguments are as follows:

ip_address—Specifies the IP address to display keepalive statistics. You can use either an IPv4 or an IPv6 IP address.

all—Displays all configured ICMP-type keepalives.

list—Lists all available IP addresses.

Table 11-26 describes the fields in the show statistics keepalive icmp all command output.

Table 11-26 Field Descriptions for show statistics keepalive icmp all Command 

Field
Description

IP

IP address of the answer resource probed by the GSS.

Keepalive

IP address of the keepalive target.

Status

State of the keepalive. The possible states are Online, Offline, Init, and Suspended.

Keepalive Type

Standard or Fast KAL-AP keepalive transmission rate used to define the failure detection time for the GSS.

Packets Sent

Total number of keepalive packets sent to the answer by the GSS.

Packets Received

Total number of keepalive packets received by the GSS from the answer.

Positive Probe

Total number of keepalive probes sent to the answer that resulted in a positive (OK) response.

Negative Probe

Total number of keepalive probes sent to the answer that resulted in a negative response.

Transitions

Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive.

GID

Global ID number used by the GSS.

LID

Local ID number used by the GSS.


Displaying KAL-AP Keepalive Statistics

You display statistics for configured KAL-AP keepalive types managed by the GSS and used with VIP-type answers by using the show statistics keepalive kalap command.

The syntax of this command is as follows:

show statistics keepalive kalap {ip_address | all | list}

The keywords and arguments are as follows:

ip_address—IP address to display keepalive statistics. Enter an IPv4 IP address.

all—Displays all configured KAL-AP-type keepalives.

list—Lists all available IP addresses.

Table 11-27 describes the fields in the show statistics keepalive kalap all command output.

Table 11-27 Field Descriptions for show statistics keepalive kalap all Command 

Field
Description

IP

IP address of the answer resource probed by the GSS.

Keepalive

IP address of the keepalive target.

Status

State of the keepalive. The possible states are Online, Offline, Init, and Suspended.

Keepalive Type

Standard or Fast KAL-AP keepalive transmission rate used to define the failure detection time for the GSS.

Tag

Alphanumeric tag associated with the VIP in the KAL-AP request.

Primary Circuit

Primary (master) IP address.

Secondary Circuit

Secondary (backup) IP address.

Load

Load threshold value used to determine whether an answer is available, regardless of the balance method used.

Circuit Transitions

Number of times that the circuit changed state.

VIP Failovers

Number of times that the VIP switched to or from the primary DNS server and the secondary DNS server.

Packets Sent

Total number of keepalive packets sent to the answer by the GSS.

Packets Received

Total number of keepalive packets received by the GSS from the answer.

Positive Probe

Total number of keepalive probes sent to the answer that resulted in a positive (OK) response.

Negative Probe

Total number of keepalive probes sent to the answer that resulted in a negative response.

Transitions

Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive.

GID

Global ID number used by the GSS.

LID

Local ID number used by the GSS.


Displaying Scripted Keepalive Statistics

You display statistics for configured Scripted keepalive types managed by the GSS and used with VIP-type answers by using the show statistics keepalive scripted-kal command.

The syntax of this command is as follows:

show statistics keepalive scripted-kal {name | all | list}

The keywords and arguments are as follows:

name—KAL name for which you wish to display keepalive statistics.

all—Displays all configured Scripted keepalives.

list—Lists all available IP addresses.

Table 11-28 describes the fields in the show statistics keepalive scripted-kal all command output.

Table 11-28 Field Descriptions for show statistics keepalive scripted-kal all Command 

Field
Description

IP

IP address of the SLB. Enter either an IPv4 or an IPv6 address.

Keepalive

Target IP address of the keepalive.

Status

State of the keepalive. The possible states are Online, Offline, Init, and Suspended.

Keepalive Type

Type of keepalive. The potential types are CRA, ICMP, TCP, KAL-AP, Answer, Scripted keepalive, and HTTP-HEAD.

Kal Name

Name of the applicable keepalive.

Scripted Kal Type

Type of Scripted keepalive. The potential types are cisco-slb, f5-slb, snmp-mib-indexed-by-vip, snmp-mib-not-indexed-by-vip, and snmp-scalar.

OID

SNMP request sent for this OID. There are two types of OIDs: scalar and vector (or table). A scalar-type OID does not require the filter, while a vector-type OID does.

When you query for the vector OID, you get all the information in the table describing all of the VIPs configured at the target device. However, the only information of real value in this data is the load information for some VIPs configured at the GSS.

OID Type

The OID type is supported for snmp-mib-indexed-by-vip and snmp-mib-not-indexed-by-vip. There are two OID types: IpAddress or InetAddress. The IpAddress setting is for compatibility purposes with an older software release where the MIB structure supports the OID type as IpAddress. If you specify InetAddress, the MIB structure supports the OID type as InetAddress, and InetAddress supports IPv4 and IPv6 addresses.

Community Name

SNMP community name defined at the target device.

Filter

Required entry when fetching load information for some VIPs configured at the GSS.

Load

Load threshold value used to determine whether an answer is available, regardless of the balance method used.

Max VIP Load

Value that the user sets at the Answer page.

No. of Execution

Number of times that the script is executed.

Positive Probe

Total number of keepalive probes sent to the answer that resulted in a positive (OK) response.

Negative Probe

Total number of keepalive probes sent to the answer that resulted in a negative response.

Transitions

Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive.

VIP GID

VIP Global ID number used by the GSS.

LID

Local ID number used by the GSS.

Keepalive GID

Global ID number of the keepalive.


Displaying Name Server Keepalive Statistics

You display statistics for configured name server (NS) keepalive types managed by the GSS and used with name server type answers by using the show statistics keepalive ns command.

The syntax of this command is as follows:

show statistics keepalive ns {ip_address | all | list}

The keywords and arguments are as follows:

ip_address—IP address to display keepalive statistics. Enter an IPv4 address.

all—Displays all configured name server-type keepalives.

list—Lists all available IP addresses.

Table 11-29 describes the fields in the show statistics keepalive ns all command output.

Table 11-29 Field Descriptions for show statistics keepalive ns all Command 

Field
Description

IP

IP address of the answer resource probed by the GSS.

Keepalive

IP address of the keepalive target.

Status

State of the keepalive. The possible states are Online, Offline, Init, and Suspended.

Domain

Globally defined domain name that the GSS queries when utilizing the NS keepalive.

Packets Sent

Total number of keepalive packets sent to the answer by the GSS.

Packets Received

Total number of keepalive packets received by the GSS from the answer.

Positive Probe

Total number of keepalive probes sent to the answer that resulted in a positive (OK) response.

Negative Probe

Total number of keepalive probes sent to the answer that resulted in a negative response.

Transitions

Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive.

GID

Global ID number used by the GSS.

LID

Local ID number used by the GSS.


Displaying TCP Keepalive Statistics

You display statistics for configured TCP keepalive types managed by the GSS and used with VIP-type answers by using the show statistics keepalive tcp command.

The syntax of this command is as follows:

show statistics keepalive tcp {ip_address | all | list}

The keywords and arguments are as follows:

ip_address—IP address to display keepalive statistics. Enter an IPv4 or an IPv6 IP address.

all—Displays all configured TCP-type keepalives.

list—Lists all available IP addresses.

Table 11-30 describes the fields in the show statistics keepalive tcp all command output.

Table 11-30 Field Descriptions for show statistics keepalive tcp all Command 

Field
Description

IP

IP address of the answer resource probed by the GSS.

Keepalive

IP address of the keepalive target.

Status

State of the keepalive. The possible states are Online, Offline, Init, and Suspended.

Keepalive Type

Standard or Fast KAL-AP keepalive transmission rate used to define the failure detection time for the GSS.

Destination Port

Port on the remote device receiving the TCP keepalive request.

Packets Sent

Total number of keepalive packets sent to the answer by the GSS.

Packets Received

Total number of keepalive packets received by the GSS from the answer.

Positive Probe

Total number of keepalive probes sent to the answer that resulted in a positive (OK) response.

Negative Probe

Total number of keepalive probes sent to the answer that resulted in a negative response.

Transitions

Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive.

GID

Global ID number used by the GSS.

LID

Local ID number used by the GSS.


Monitoring Network Proximity Statistics on a GSS

The proximity component displays statistics about the network proximity operation of your GSS device. Network proximity statistics include information about the proximity database on the GSS device, individual zones, probing requests, and RTT coverage.

This section contains the following topics:

Displaying DNS Rule Proximity Statistics

Displaying Proximity Database Statistics

Displaying Proximity Group Statistics

Displaying Proximity Lookup Statistics

Displaying Proximity Probe Transfer Statistics

Displaying Proximity Status

Displaying Proximity Group Configuration

Displaying Proximity Database Status

Displaying DNS Rule Proximity Statistics

You display all proximity lookups by DNS rule name by using the show statistics dns proximity rule command.

The syntax of this command is as follows:

show statistics dns proximity rule

Table 11-31 describes the fields in the show statistics dns proximity rule command output.

Table 11-31 Field Descriptions for show statistics dns proximity rule Command

Field
Description

ProxRule

Name of the matched DNS rule.

Proximity Hit Count

Number of DNS requests that match the DNS rule.

Proximity Success Count

Number of DNS responses successfully returned with a proximate answer for the DNS rule.


Displaying Proximity Database Statistics

You can view overall statistics on the proximity database, such as the number of entries currently in the proximity database, the number of entries dropped, and the rate of lookups by using the show statistics proximity database command.

The syntax of this command is as follows:

show statistics proximity database

Table 11-32 describes the fields in the show statistics proximity database command output.

Table 11-32 Field Descriptions for show statistics proximity database Command 

Field
Description

Number of Entries in Use

Number of entries currently in the proximity database.

Number of Add Entries Dropped

Number of entry creation requests that the GSS dropped because the proximity database limit had been reached.

Max Number of Entries Used

Maximum number of entries used in the proximity database.

Max Number of Entries Allowed

Maximum number of entries that the proximity database can hold (500,000 entries).

Number of Database Dump Started

Number of times the GSS initiated a proximity database dump, including user-initiated database dumps and periodic system-initiated database dumps.

Number of Database Dump Completed

Number of times the GSS completed a proximity database dump, including user-initiated database dumps and periodic system-initiated database dumps.

Number of Database Dump Failed

Number of times the GSS failed to perform a proximity database dump, including user-initiated database dumps and periodic system-initiated database dumps.

Last Database Dump Started Time

The last time the GSS started a proximity database dump.

Last Database Dump Failed Time

The last time the GSS failed to complete a proximity database dump.

Number of Database Cleanup Started

Number of times the GSS initiated a database cleanup to remove the least recently used entries from the proximity database.

Number of Database Cleanup Completed

Number of times the GSS completed a database cleanup to remove the least recently used entries from the proximity database.

Number of Database Cleanup Failed

Number of times the GSS failed to clean up the least recently used entries from the proximity database.

Last Database Cleanup Started Time

The last time the GSS started the database cleanup process.

Last Database Cleanup Failed Time

The last time the GSS failed to complete the database cleanup process.


Displaying Proximity Group Statistics

You display a summary of statistics for all configured proximity groups by using the show statistics proximity group-summary command.

The syntax of this command is as follows:

show statistics proximity group-summary


Note This command displays the proximity statistics to the console only if the number of proximity groups is less than 1000. If the number of proximity groups is more than 1000, an error message displays asking you to execute the proximity statistics group-summary dump filename command.


Table 11-33 describes the fields in the show statistics proximity group-summary command output.

Table 11-33 Field Descriptions for show statistics proximity group-summary Command 

Field
Description

Group Name

Unique alphanumeric name of the proximity group.

Target IP

Probe target IP address used by the proximity group, displayed in dotted-decimal notation.

Total Entries

Total number of D-proxy IP address and subnet mask pairs contained in the proximity group.

Total Hits

Accumulated hit count for all entries in the proximity group. Increments when a match occurs for any proximity group entry in the group.


You display statistics for a specific proximity group by using the show statistics proximity group-name command.

The syntax of this command is as follows:

show statistics proximity group-name groupname

Enter the exact name of a proximity group to display all proximity database entries related to that group.

Table 11-34 describes the fields in the show statistics proximity group-name command output.

Table 11-34 Field Descriptions for show statistics proximity group-name Command 

Field
Description

Group Name

Unique alphanumeric name of the proximity group.

Total Entries

Total number of D-proxy IP addresses or block of IP addresses included in the proximity group.

Target IP

Probe target IP address used by the proximity group, displayed in dotted-decimal notation.

Address

D-proxy IP address included in the proximity group.

Prefix

Subnet mask used to specify the block of IP addresses included in the proximity group, displayed as an integer (for example, 24 or 32).

Hit Counts

Number that increments when a match occurs for this proximity group entry.

Last Hit Time

Last time the hit count incremented due to an entry match.


Displaying Proximity Lookup Statistics

You display statistics about the proximity lookups that have occurred on this GSS by using the show statistics proximity lookup command.

The syntax of this command is as follows:

show statistics proximity lookup

Table 11-35 describes the fields in the show statistics proximity lookup command output.

Table 11-35 Field Descriptions for show statistics proximity lookup Command 

Field
Description

Total lookup requests

Total number of proximity lookup requests made to the proximity database.

Database entry not found

Number of times the GSS was unable to locate a proximate answer in the database.

Partial RTT data returned

Number of times only partial round-trip time (RTT) data was returned to the DNS service by the proximity subsystem.

Current lookup request rate

Current request rate per second that requests are made by the DNS service to perform a proximity lookup in the database.

Peak lookup request rate

Peak request rate per second that requests are made by the DNS service to perform a proximity lookup in the database.

Lookup failed due to database full

Number of times the GSS was unable to complete a proximity lookup because the database exceeded the maximum number of entries.

Last database full happened

Last time the proximity database was full.


Displaying Proximity Probe Transfer Statistics

You display general probe success and failure counts by using the show statistics proximity probes command.

The syntax of this command is as follows:

show statistics proximity probes

Table 11-36 describes the fields in the show statistics proximity probes command output.

Table 11-36 Field Descriptions for show statistics proximity probes Command 

Field
Description

Authentication

Whether the GSS performs DRP authentication when exchanging packets with the DRP agent in a proximity probing agent. States are Enabled and Disabled.

Echo Rx

Number of DRP echo responses received by the GSS from all configured proximity probing agents.

Echo Tx

Number of DRP echo requests sent by the GSS to all configured proximity probing agents.

Measure Rx

Number of DRP measured requests received by the GSS from all configured proximity probing agents.

Measure Tx

Number of DRP measured requests sent by the GSS to all configured proximity probing agents.

Pkts Rx

Total number of DRP packets received by the GSS from all configured proximity probing agents.

Pkts Tx

Number of DRP packets sent by the GSS to all configured proximity probing agents.


You display detailed statistics for the ICMP and TCP probes relative to all configured zones by using the show statistics proximity probes detailed command. This command also displays the operating status of the primary and secondary proximity probing agents (ONLINE or OFFLINE).

The syntax of this command is as follows:

show statistics proximity probes detailed

Table 11-37 describes the fields in the show statistics proximity probes detailed command output.

Table 11-37 Field Descriptions for show statistics proximity probes detailed Command 

Field
Description

Zone ID

Numerical identifier of the proximity zone.

Zone Name

Name of the proximity zone.

Authentication

An indication of whether the GSS performs DRP authentication when exchanging packets with the DRP agent in a proximity probing agent.

Primary

Identifies the IP address of the primary proximity probing agent servicing this zone and the status of the proximity probing agent (ONLINE or OFFLINE).

Secondary

Identifies the IP address of the backup proximity probing agent servicing this zone and the status of the proximity probing agent (ONLINE or OFFLINE).

Echo Rx

Number of DRP echo responses received by the GSS from all configured proximity probing agents.

Echo Tx

Number of DRP echo requests sent by the GSS to all configured proximity probing agents.

Measure Rx

Number of DRP measured requests received by the GSS from all configured proximity probing agents.

Measure Tx

Number of DRP measured requests sent by the GSS to all configured proximity probing agents.

Pkts Rx

Total number of DRP packets received by the GSS from the proximity probing agent in the proximity zone.

Pkts Tx

Number of DRP packets sent by the GSS to the proximity probing agent in the proximity zone.

Pkts Rx Rate

Current received request rate per second.

Pkts Tx Rate

Current transmitted request rate per second.

Peak Rx Rate

Peak received request rate per second.

Peak Tx Rate

Peak transmitted request rate per second.


Displaying Proximity Status

You display general status information about the proximity subsystem by using the show proximity command.

The syntax of this command is as follows:

show proximity

Table 11-38 describes the fields in the show proximity command output.

Table 11-38 Field Descriptions for show proximity Command 

Field
Description

Proximity subsystem status

Current operating status of the Proximity subsystem component.

Proximity database dump interval

Time period between automatic proximity database dumps performed by the GSS.

Proximity database age-out interval

Time period between checks by the GSS to verify when the user-configured entry inactivity timeout value elapses.


Displaying Proximity Group Configuration

You display a summary of all configured proximity groups by using the show proximity group-summary command.


Note This command displays the configuration output to the console only if the number of proximity elements, or IP blocks, is less than 1000. (This value is not configurable.) If the number of proximity elements is more than 1000, an error message displays asking you to execute the proximity group-summary dump filename command.


Table 11-39 describes the fields in the show proximity group-summary command output.

Table 11-39 Field Descriptions for show proximity group-summary Command 

Field
Description

Name

Unique alphanumeric name of the proximity group.

Address Blocks

IP address block of the proximity group, specified in dotted-decimal notation.


You display the configuration of a specific proximity group by using the show proximity group-name command.

The syntax of this command is as follows:

show proximity group-name groupname

Enter the exact name of a proximity group to display all proximity entries related to that group.

Table 11-40 describes the fields in the show proximity group-name command output.

Table 11-40 Field Descriptions for show proximity group-name Command 

Field
Description

Name

Unique alphanumeric name of the proximity group.

Address Blocks

IP address block of the proximity group, specified in dotted-decimal notation.


Displaying Proximity Database Status

You display the proximity database (PDB) entries by specifying one or more entry matching criteria by entering the show proximity database command.

The syntax for this command is as follows:

show proximity database {all | assigned | group {name} | inactive minutes | ip {ip-address} netmask {netmask} | no-rtt | probed}

The keywords and arguments are as follows:

all—Displays all entries in the proximity database.

assigned—Displays all static entries in the proximity database.

group name—Displays all entries that belong to a named proximity group. Specify the exact name of a previously created proximity group.

inactive minutes—Displays all dynamic entries that have been inactive for a specified time. Valid values are 0 to 43200 minutes.

ip ip-address netmask netmask—Displays all proximity entries related to a D-proxy IP address and subnet mask. Specify the IP (IPv4 or IPv6) address of the requesting client's D-proxy. Enter an IPv4 address in dotted-decimal notation; for an IPv6 address, use colon notation, with or without a double colon, followed by a slash and a number (/n). The prefix-length range for IPv4 addresses is from 1 to 31 and for IPv6 addresses is from 1 to 127. For example, 192.168.11.1 or 2001:DB8::A:B:1.

no-rtt—Displays all entries in the PDB that do not have valid RTT values.

probed—Displays all dynamic entries in the PDB.

For example, to display all entries in the proximity database, enter:

gss1.example.com# show proximity database all
Key/ID          Type      Probe Target Method   RTTs  Hits
----------     -------------------- --------------------------
1              Static    2001::55:19:1       ICMP      0     0
55.19.1.1      Dynamic   55.19.1.1           ICMP      1     1
2001:55::19:1  Dynamic   2001:55::19:1       ICMP      1     1
Total 3 database entries displayed.
gss1.example.com# 
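When this output is collected for monitoring, a truncated or reformatted capture should be rejected rather than silently under-counted. The following Python parser is an added example, not part of the Cisco guide: it reads the show proximity database all output shown above, checks the row count against the Total footer, and summarizes the entries. It assumes the column layout of that sample, that entry types are only Static and Dynamic, and that an RTTs value of 0 corresponds to the no-rtt case; all class and function names are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Union

# Sample input: the "show proximity database all" output printed in the guide.
SAMPLE_OUTPUT = """\
gss1.example.com# show proximity database all
Key/ID          Type      Probe Target Method   RTTs  Hits
----------     -------------------- --------------------------
1              Static    2001::55:19:1       ICMP      0     0
55.19.1.1      Dynamic   55.19.1.1           ICMP      1     1
2001:55::19:1  Dynamic   2001:55::19:1       ICMP      1     1
Total 3 database entries displayed.
gss1.example.com#
"""

# Assumed row layout: key, type, probe target, method, RTTs, hits.
ROW_RE = re.compile(
    r"^(\S+)\s+(Static|Dynamic)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*$"
)
TOTAL_RE = re.compile(r"^Total (\d+) database entries displayed\.\s*$")


class PdbParseError(ValueError):
    """Raised when the captured output is incomplete or malformed."""


@dataclass(frozen=True)
class PdbEntry:
    key: str            # D-proxy address, or a numeric ID as in the sample
    entry_type: str     # "Static" or "Dynamic"
    probe_target: Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
    method: str         # probe method, e.g. ICMP
    rtts: int
    hits: int


def parse_pdb_output(text: str) -> List[PdbEntry]:
    """Parse entry rows and verify them against the 'Total N' footer."""
    entries: List[PdbEntry] = []
    declared = None
    for line in text.splitlines():
        total = TOTAL_RE.match(line)
        if total:
            declared = int(total.group(1))
            continue
        row = ROW_RE.match(line)
        if not row:
            continue  # prompt, column header or separator line
        key, etype, target, method, rtts, hits = row.groups()
        try:
            target_ip = ipaddress.ip_address(target)
        except ValueError as exc:
            raise PdbParseError(f"bad probe target in row: {line!r}") from exc
        entries.append(
            PdbEntry(key, etype, target_ip, method, int(rtts), int(hits))
        )
    if declared is None:
        raise PdbParseError("no 'Total N database entries' footer; truncated?")
    if declared != len(entries):
        raise PdbParseError(
            f"footer declares {declared} entries, parsed {len(entries)}"
        )
    return entries


def summarize(entries: List[PdbEntry]) -> dict:
    """Counts a monitoring job would track between collections."""
    return {
        "total": len(entries),
        "static": sum(e.entry_type == "Static" for e in entries),
        "dynamic": sum(e.entry_type == "Dynamic" for e in entries),
        # Assumption: RTTs == 0 means the entry has no valid RTT yet.
        "no_rtt_keys": [e.key for e in entries if e.rtts == 0],
        "ipv6_targets": sum(e.probe_target.version == 6 for e in entries),
    }


if __name__ == "__main__":
    print(summarize(parse_pdb_output(SAMPLE_OUTPUT)))
```
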
 
   

Monitoring DNS Sticky Statistics on a GSS

The sticky component displays statistics about the sticky operation of your GSS device. Sticky statistics include information about DNS sticky lookups by DNS rule name, entries in the sticky database on the GSS device, global sticky status and statistics, operating status and statistics on GSS peers in the sticky mesh, and sticky group status.

This section contains the following topics:

Displaying DNS Rule Sticky Statistics

Displaying Sticky Statistics

Displaying Global Sticky Statistics

Displaying Global Sticky Mesh Statistics

Displaying Sticky Group Statistics

Displaying the Sticky Status

Displaying the Sticky Database Status

Displaying the Global Sticky Operating Status

Displaying the Global Sticky Mesh Operating Status

Displaying Sticky Group Configuration

Displaying DNS Rule Sticky Statistics

You display all DNS sticky lookups by DNS rule name by using the show statistics dns sticky rule command.

The syntax of this command is as follows:

show statistics dns sticky rule

Table 11-41 describes the fields in the show statistics dns sticky rule command output.

Table 11-41 Field Descriptions for show statistics dns sticky rule Command 

Field
Description

Rule

Name of the matched DNS rule.

Hits

Total number of successful lookups in the sticky database for the sticky database entry.

Misses

Total number of failed lookups in the sticky database for the DNS rule.

Additions

Total number of times that a request matched on a DNS rule, resulting in the GSS adding an entry to the sticky database.


Displaying Sticky Statistics

You display general statistics about the sticky database, such as the total number of hits and misses in the sticky database, number of entries in the sticky database, and total number of lookups by using the show statistics sticky command.

The syntax of this command is as follows:

show statistics sticky

Table 11-42 describes the fields in the show statistics sticky command output.

Table 11-42 Field Descriptions for show statistics sticky Command 

Field
Description

Current entry count

Current number of entries in the sticky database.

Highest entry count

Maximum number of entries in the sticky database since the last time sticky was enabled or the sticky statistics were cleared.

Total Lookups

Total number of lookups in the sticky database.

Hits

Number of successful lookups in the sticky database.

Misses

Number of failed lookups in the sticky database.

Addition success

Number of addition requests for the sticky database that succeeded.

Addition fail

Number of addition requests for the sticky database that failed. The sticky database will not accept further addition requests when the database is full, you stop DNS sticky through the sticky stop CLI command, or there has been an internal error.

Modification success

Number of answer modification requests that succeeded.

Modification fail

Number of answer modification requests that failed.

Timeouts

Number of entries removed from the sticky database because the answer exceeded the user-configured Entry Inactivity Timeout value.

Reclaimed

Number of entries removed from the sticky database due to an overflow.

CLI deletions local

Number of entries manually deleted from the sticky database through the sticky database delete CLI command, entered on the local GSS node.

CLI deletions remote

Number of entries manually deleted from the sticky database through the sticky database delete CLI command, entered on a GSS peer.


Displaying Global Sticky Statistics

You display a summary of counter statistics for global sticky messaging between the local GSS node and its GSS peers by using the show statistics sticky global command.

The syntax of this command is as follows:

show statistics sticky global

The show statistics sticky global command output is divided into two sets of global sticky message statistics:

Individual sticky database entry operations performed by the local GSS node.

Sticky database messages sent or received by the local GSS node to or from its GSS peers.

Table 11-43 describes the fields in the show statistics sticky global command output.

Table 11-43 Field Descriptions for show statistics sticky global Command 

Field
Description

Entry Type

Statistics on sticky database entry operations performed by the local GSS node.

Send OK

Sticky database entry messages transmitted by the local GSS node without a failure.

Send Fail

Sticky database entry messages transmitted by the local GSS node with errors.

Received

Sticky database entry messages received by the local GSS node from GSS peers.

Add

Number of new entries added to the sticky database of the local GSS node.

Modify

Number of sticky database entries modified by the local GSS node due to a keepalive failure.

Lookup Fast

Number of sticky database entries in the local GSS node that had their sticky inactivity time reset to an initial value because the GSS performed a fast lookup. A GSS performs a fast lookup when adding new entries to the sticky database, deleting entries from the sticky database, or when the sticky expiration time is less than 5 minutes.

Lookup Slow

Number of sticky database entries in the local GSS node that had their sticky inactivity time reset to an initial value because the GSS performed a slow lookup. A GSS performs a slow lookup when the sticky expiration time is greater than 5 minutes.

Remove

Number of entries removed from the sticky database of the local GSS node through the sticky database delete command. Entries removed by the sticky database delete all command are reflected in the Remove All field (see the description that follows).

Add Sync

Number of entries added to the sticky database of the local GSS node due to the result of a peer synchronization, and not to a normal DNS client request.

Message Type

Statistics on sticky database messages sent or received by the local GSS node.

Send OK

Messages transmitted by the local GSS node without a failure.

Send Fail

Messages transmitted by the local GSS node with errors.

Received

Messages received by the local GSS node from GSS peers.

Add

Number of Add entry type messages sent or received by the local GSS node.

Modify

Number of Modify entry type messages sent or received by the local GSS node.

Lookup Fast

Number of Lookup Fast entry type messages sent or received by the local GSS node.

Lookup Slow

Number of Lookup Slow entry type messages sent or received by the local GSS node.

Remove

Number of Remove messages sent or received by the local GSS node.

Add Sync

Number of Add Sync entry type messages sent or received by the local GSS node.

Remove All

Number of times the sticky database delete all command has been entered on the local GSS node to delete all entries from the sticky database. The Remove All count includes the number of Remove All messages sent and received by the local GSS node.

Request Db

Number of times the local GSS node sent a Request Db message to a GSS peer, or received a Request Db message from a GSS peer, requesting to share the contents of its sticky database upon startup.

Ack RequestDb

Number of times the local GSS node sent an Ack RequestDb message to a GSS peer, or received an Ack RequestDb message from a GSS peer, to acknowledge that it received a request to share the contents of its sticky database upon startup.

Refuse Db Req

Number of times the local GSS node sent a Refuse Db Req message to a GSS peer, or received a Refuse Db Req message from a GSS peer, indicating a refusal to share the contents of its sticky database upon startup. A GSS typically refuses to share the contents of its local database while in the process of performing a database synchronization.

Sync Start

Number of times the Sync Start message has been sent or received by the local GSS node. The GSS uses the Sync Start message to lock out certain critical functions (such as the use of the sticky database delete command) while any GSS within the mesh is performing a synchronization. When the Sync Start message arrives, the GSS blocks all sticky database entry deletions until it either receives the Sync Done message or an internal timer expires.

Sync Done

Number of times the Sync Done message has been sent or received by the local GSS node. The GSS uses the Sync Done message to lock out certain critical functions (such as the use of the sticky database delete command) while any GSS within the mesh is performing a synchronization.

Version mis-match

Error message indicating the number of times the local GSS node was unable to communicate with a peer due to different versions of GSS software.

Clock Out Of Sync

Error message indicating the number of times the local GSS node was unable to communicate with a peer due to clock synchronization issues. A GSS that has a system clock that is out of synchronization by greater than 3 minutes with the other GSS peers ignores update messages from all peers until you resynchronize its system clock (see Chapter 9, Configuring DNS Sticky, for details).

Mask mis-match

Error message indicating the number of times the local GSS node was unable to communicate with a peer due to a difference in global subnet mask values. A GSS will drop all global sticky messages received from a GSS with a different subnet mask. A difference in global sticky masks on a peer would occur only if a configuration change was made on the primary GSSM GUI and the peer did not receive the change due to a network failure.

You globally configure the subnet mask of all GSS devices in the mesh from the primary GSSM GUI Global Sticky Configuration details page (see Chapter 9, Configuring DNS Sticky, for details).



Displaying Global Sticky Mesh Statistics

You display detailed statistics for each GSS peer in the global sticky mesh by using the show statistics sticky mesh CLI command.

Table 11-44 describes the fields in the show statistics sticky mesh command output.

Table 11-44 Field Descriptions for show statistics sticky mesh Command 

Field
Description

Mesh Information for application sticky

Status and statistics about the global sticky mesh.

Transmit Pkts

Total number of application data packets transmitted by the local GSS node to GSS peers in the mesh.

Transmit Bytes

Total number of application data bytes transmitted by the local GSS node to GSS peers in the mesh.

Receive Pkts

Total number of application data packets received by the local GSS node from GSS peers in the mesh.

Receive Bytes

Total number of application data bytes received by the local GSS node from GSS peers in the mesh.

Dropped Tx Pkts

Total number of packets that were to be transmitted by the local GSS node but were dropped due to buffer errors.

Dropped Rx Pkts

Total number of packets that were received by the local GSS node but were dropped due to buffer errors.

Current TxQueue

Total number of packets in the buffer transmit queue of the local GSS node that are waiting to be transmitted.

Maximum TxQueue

Maximum number of packets that have been in the buffer transmit queue of the local GSS node.

Current RxQueue

Total number of packets in the buffer receive queue of the local GSS node that are waiting to be received.

Maximum RxQueue

Maximum number of packets that have been in the buffer receive queue of the local GSS node.

Buffers Alloc'd

Number of optimal-sized frames allocated for the buffer transmit and buffer receive data.

Buffers Free

Number of buffers currently free in the local GSS node.

Session Information for GSS peer

Status and statistics for a specific GSS peer in the mesh.

GSS ID

Unique identifier of the GSS peer in the mesh.

CurTx Data Pkts

Number of data packets sent by the local GSS node to the GSS peer during the current session.

CurTx Data Bytes

Number of data bytes sent by the local GSS node to the GSS peer during the current session.

TtlTx Data Pkts

Number of application data packets sent by the local GSS node to the GSS peer for the total duration of the mesh.

TtlTx Data Bytes

Number of application data bytes sent by the local GSS node to the GSS peer for the total duration of the mesh.

Transmit Pkts

Total number of packets transmitted from the local GSS node to the GSS peer (including application packets, control packets, RTT packets, and keepalive packets).

Transmit Bytes

Total number of bytes transmitted from the local GSS node to the GSS peer (including application bytes, control bytes, RTT bytes, and keepalive bytes).

CurRx Data Pkts

Number of data packets received by the local GSS node from the GSS peer during the current session.

CurRx Data Bytes

Number of data bytes received by the local GSS node from the GSS peer during the current session.

TtlRx Data Pkts

Number of application data packets received by the local GSS node from the GSS peer for the total duration of the mesh.

TtlRx Data Bytes

Number of application data bytes received by the local GSS node from the GSS peer for the total duration of the mesh.

Receive Pkts

Total number of packets received by the local GSS node from the GSS peer (including application packets, control packets, RTT packets, and keepalive packets).

Receive Bytes

Total number of bytes received by the local GSS node from the GSS peer (including application bytes, control bytes, RTT bytes, and keepalive bytes).

ConnectFailures

Number of times that the connection attempt failed between the local GSS node and the GSS peer.

CurConnAttempts

Number of current connection attempts between the local GSS node and the GSS peer.

ConnectRejects

Number of connections rejected by the GSS peer.

ConnectDeclines

Number of connections declined by the local GSS node.


Displaying Sticky Group Statistics

You display a summary of statistics for all configured sticky groups by using the show statistics sticky group-summary command.

Table 11-45 describes the fields in the show statistics sticky group-summary command output.

Table 11-45 Field Descriptions for show statistics sticky group-summary Command 

Field
Description

Group Name

Unique alphanumeric name of the DNS sticky group.

Group Number

IP address block of the sticky group, specified in dotted-decimal notation.

Total Entries

Total number of D-proxy IP address and subnet mask pairs contained in the sticky group.

Total Hits

Accumulated hit count for all entries in the sticky group. Increments when a match occurs for each sticky group entry.


You display statistics for a specific sticky group by using the show statistics sticky group-name command.

The syntax of this command is as follows:

show statistics sticky group-name {groupname}

Enter the exact name of a sticky group to display all sticky entries related to that group.

Table 11-46 describes the fields in the show statistics sticky group-name command output.

Table 11-46 Field Descriptions for show statistics sticky group-name Command 

Field
Description

Group Name

Unique alphanumeric name of the DNS sticky group.

Group Number

IP address block of the sticky group, specified in dotted-decimal notation.

Total Entries for Group

Total number of D-proxy IP addresses included in the sticky group.

Address

D-proxy IP address included in the sticky group.

Prefix

Subnet mask included in the sticky group, displayed as an integer (for example, 24 or 32).

Hit Count

Number that increments when a match occurs for this sticky group entry.

Last Time Hit

Last time the hit count incremented due to an entry match.


Displaying the Sticky Status

You display general status information about the sticky subsystem by using the show sticky command.

The syntax of this command is as follows:

show sticky

Table 11-47 describes the fields in the show sticky command output.

Table 11-47 Field Descriptions for show sticky Command 

Field
Description

Sticky Manager status

Current operating status of the Sticky Manager component. The Sticky Manager is responsible for maintaining and managing the sticky database in the GSS. Status messages are as follows:

Initializing—Appears only during boot time or after entering the gss start CLI command.

Disabled via GUI—Appears after you disable sticky from the primary GSSM GUI.

Stopped via CLI—Appears after you enter the sticky stop CLI command.

Ready in Local mode—Appears when the GSS is configured for sticky Local mode from the primary GSSM GUI and the GSS software is running.

Ready in Global mode—Appears when the GSS is configured for sticky Global mode from the primary GSSM GUI and the GSS software is running.

Database entry count

Current number of entries in the sticky database.

Dump status

Current sticky database dump subsystem status of the GSS. The GSS automatically dumps sticky database entries to a backup file on disk approximately every 20 minutes. The Dump status messages include Initialized, Disabled, Waiting, and In Progress.

Dump interval

Time period between automatic sticky database dumps performed by the GSS.

Reclaim status

Current operating status of the overflow recovery subsystem. The Reclaim status messages include Initialized, Disabled, Waiting, and In Progress.

Timeout status

Current operating status of the entry inactivity timeout subsystem. The Timeout status messages include Initialized, Disabled, Waiting, and In Progress.

Timeout interval

Time period between checks by the GSS to verify when the user-configured sticky inactivity timeout value elapses.

Mesh status

Current operating status of the sticky global mesh. Status messages are as follows:

Running—The GSS is operating properly in the sticky mesh.

Failed—The GSS is unable to operate properly in the sticky mesh.

Waiting—The GSS is waiting for mesh configuration information.

Enabled—Global sticky is enabled on the local GSS node.

Disabled—Global sticky is disabled on the local GSS node (either from the primary GSSM GUI or through the sticky stop CLI command).


Displaying the Sticky Database Status

You display sticky database entries by specifying one or more entry matching criteria by using the show sticky database command.

The syntax of this command is as follows:

show sticky database {all | answer {name/ip_address} | domain {name} | domain-list {name} | group {name} | inactive minimum {minutes} maximum {minutes} | ip {ip_address} netmask {netmask} | rule {rule_name}}

The keywords and arguments are as follows:

all—Displays all sticky entries in the sticky database.

answer name/ip_address—Displays all sticky entries related to a particular answer. Specify the name of the answer. If there is no name for the answer, specify the IP address of the sticky answer in dotted-decimal notation (for example, 192.168.9.0).

domain name—Displays all sticky entries related to a domain. Specify the exact name of a previously created domain.

domain-list name—Displays all sticky entries related to a domain list. Specify the exact name of a previously created domain list.

group name—Displays all sticky entries related to a sticky group. Specify the exact name of a previously created sticky group.

inactive minimum minutes maximum minutes—Displays all sticky entries that have not received a client hit in the time interval between the specified minimum and maximum values, entered in minutes. Enter a value from 0 to 10100 minutes (7 days) as the specified minimum value and maximum value.

ip ip_address netmask netmask—Displays all sticky entries related to a D-proxy IP address and subnet mask. Specify the IP address of the requesting client's D-proxy in dotted-decimal notation (for example, 192.168.9.0) and specify the subnet mask in dotted-decimal notation (for example, 255.255.255.0).

rule rule_name—Displays all sticky entries related to a DNS rule. Specify the exact name of a previously created DNS rule.

Table 11-48 describes the fields in the show sticky database all command output.

Table 11-48 Field Descriptions for show sticky database all Command 

Field
Description

Client/Group

IP address of client D-proxy or name of sticky group.

Domain/DL

Name of the hosted domain (including wildcards) or the name of a matched domain list (DL).

Rule

Name of the DNS rule that was matched to add this entry.

Answer

VIP address of the answer (VIP-type answer).

SIT

User-specified sticky interval timeout (SIT) value.

TTL

Remaining time that the entry in the sticky database is valid.

Hits

Total number of successful lookups in the sticky database for the sticky database entry.

AAAA Answer

Answers returned for AAAA queries.

AAAA Hits

Total number of successful lookups in the sticky database for the AAAA sticky database entry.


The following example displays the output of the show sticky database command:

gss1.example.com# show sticky database region 117
Client/Group/Region Domain/DL    Rule Answer SIT   TTL     Hits   AAAA Answer AAAA Hits
----------------------------    ------------ ----  ---     ----   -----------  --------
AQ:[117] www.abc.com DNS-Rule-ABC    0        60    14       0     vip2-ipv6     1
 
   
Displayed 1 database entry.
gssm1.cisco.com#

Displaying the Global Sticky Operating Status

You display the most recent sticky database message identifiers sent by the local GSS node and received from its GSS mesh peers by using the show sticky global command. Message identifiers can be helpful when you need to verify the most recent sticky database messages sent from and received by the local GSS node.

To view a more detailed listing of recent global sticky message identifiers, specify the verbose keyword.

The syntax of this command is as follows:

show sticky global [verbose]

Table 11-49 describes the fields in the show sticky global command output.

Table 11-49 Field Descriptions for show sticky global Command 

Field
Description

Mesh Peer Count

Total number of GSS peers in a sticky mesh (not including the local GSS node).

Last Message ID Sent for Each Message Type

Summary of the unique global sticky message identifiers last sent by the local GSS node.

Add

Unique identifier of the last Add entry-type message sent by the local GSS node.

Modify

Unique identifier of the last Modify entry-type message sent by the local GSS node.

Lookup Fast

Unique identifier of the last Lookup Fast entry-type message sent by the local GSS node.

Details of Most Recently Received Messages by Peer

Status summary of the global sticky message identifiers last received by the local GSS node.

Peer Name

Hostname of the GSS peer in the mesh.

Peer ID

Unique identifier of the GSS peer in the mesh.

Last Type

Type of the message last received from the peer.

Last Status

Status of the last message received from the peer. Status messages are as follows:

Received OK—Message was received and processed.

Version mismatch—Message dropped because the local GSS node was unable to communicate with a peer due to different versions of the GSS software.

Clock out of sync—Local GSS node was unable to communicate with a peer due to clock synchronization issues. A GSS that has a system clock that is out of synchronization by greater than three minutes with the other GSS peers ignores update messages from all peers until you re-synchronize its system clock (see Chapter 9, Configuring DNS Sticky, for details).

Mask mismatch—Local GSS node was unable to communicate with a peer due to a difference in global subnet mask values. A GSS will drop all global sticky messages received from a GSS with a different subnet mask. A difference in global sticky masks on a peer would occur only if a configuration change was made on the primary GSSM GUI and the peer did not receive the change due to a network failure. See Chapter 9, Configuring DNS Sticky, for details about globally configuring the subnet mask of all GSS devices in the mesh from the primary GSSM GUI.

Last MessageID Received for each Message Type...

Summary of the unique global sticky messages last received by the local GSS node from each GSS mesh peer.

Add

Unique identifier of the last Add entry-type message received by the local GSS node from the GSS peer.

Modify

Unique identifier of the last Modify entry-type message received by the local GSS node from the GSS peer.

Lookup Fast

Unique identifier of the last Lookup Fast entry-type message received by the local GSS node from the GSS peer.


Table 11-50 describes the fields in the show sticky global verbose command output.

Table 11-50 Field Descriptions for show sticky global verbose Command 

Field
Description

Mesh Peer Count

Total number of GSS peers in a sticky mesh (not including the local GSS node).

Last Message ID Sent for Each Message Type

Summary of the unique global sticky message identifiers last sent by the local GSS node.

Add

Unique identifier of the last Add entry-type message sent by the local GSS node.

Modify

Unique identifier of the last Modify entry-type message sent by the local GSS node.

Lookup Fast

Unique identifier of the last Lookup Fast entry-type message sent by the local GSS node.

Lookup Slow

Unique identifier of the last Lookup Slow entry-type message sent by the local GSS node.

Remove

Unique identifier of the last Remove entry-type message sent by the local GSS node.

Add Sync

Unique identifier of the last Add Sync entry-type message sent by the local GSS node.

Remove All

Unique identifier of the last Remove All message sent by the local GSS node.

Request Db

Unique identifier of the last Request Db message sent by the local GSS node.

Ack ReqDb

Unique identifier of the last Ack ReqDb message sent by the local GSS node.

Refuse ReqDb

Unique identifier of the last Refuse ReqDb message sent by the local GSS node.

Sync Start

Unique identifier of the last Sync Start message sent by the local GSS node.

Sync Done

Unique identifier of the last Sync Done message sent by the local GSS node.

Details of Most Recently Received Messages by Peer

Status summary of the global sticky message identifiers last received by the local GSS node.

Peer Name

Hostname of the GSS peer in the mesh.

Peer ID

Unique identifier of the GSS peer in the mesh.

Last Type

Type of the message last received from the peer.

Last Status

Status of the last message received from the peer. Status messages are as follows:

Received OK—Message was received and processed.

Version mismatch—Message dropped because the local GSS node was unable to communicate with a peer due to different versions of the GSS software.

Clock out of sync—Local GSS node was unable to communicate with a peer due to clock synchronization issues. A GSS that has a system clock that is out of synchronization by more than three minutes with the other GSS peers ignores update messages from all peers until you resynchronize its system clock (see Chapter 9, Configuring DNS Sticky, for details).

Mask mismatch—Local GSS node was unable to communicate with a peer due to a difference in global subnet mask values. A GSS will drop all global sticky messages received from a GSS with a different subnet mask. A difference in global sticky masks on a peer would occur only if a configuration change was made on the primary GSSM GUI and the peer did not receive the change due to a network failure. See Chapter 9, Configuring DNS Sticky, for details about globally configuring the subnet mask of all GSS devices in the mesh from the primary GSSM GUI.

Last MessageID Received for each Message Type...

Summary of the unique global sticky messages last received by the local GSS node from each GSS mesh peer.

Add

Unique identifier of the last Add entry-type message received by the local GSS node from the GSS peer.

Modify

Unique identifier of the last Modify entry-type message received by the local GSS node from the GSS peer.

Lookup Fast

Unique identifier of the last Lookup Fast entry-type message received by the local GSS node from the GSS peer.

Lookup Slow

Unique identifier of the last Lookup Slow entry-type message received by the local GSS node from the GSS peer.

Remove

Unique identifier of the last Remove entry-type message received by the local GSS node from the GSS peer.

Add Sync

Unique identifier of the last Add Sync entry-type message received by the local GSS node from the GSS peer.

Remove All

Unique identifier of the last Remove All message received by the local GSS node from the GSS peer.

Request Db

Unique identifier of the last Request Db message received by the local GSS node from the GSS peer.

Ack ReqDb

Unique identifier of the last Ack ReqDb message received by the local GSS node from the GSS peer.

Refuse Db

Unique identifier of the last Refuse ReqDb message received by the local GSS node from the GSS peer.

Sync Start

Unique identifier of the last Sync Start message received by the local GSS node from the GSS peer.

Sync Done

Unique identifier of the last Sync Done message received by the local GSS node from the GSS peer.


Displaying the Global Sticky Mesh Operating Status

You display sticky mesh status information locally from the CLI of a GSS by using the show sticky mesh CLI command. This command displays the operating status of the individual GSS peers in the sticky mesh and their connection status to the local GSS node.

The syntax and options for this command are as follows:

show sticky mesh—Displays a summary of the GSS devices in the sticky mesh and their operating status.

show sticky mesh session session_ID—Displays operating status information for a specific session ID, which is the point-to-point connection between the local GSS node and a sticky mesh peer. To locate the session ID for a specific GSS peer in the mesh, use the show sticky mesh command.

show sticky mesh session session_ID verbose—Displays more detailed operating status information for a specific session ID. To locate the session ID for a specific GSS peer in the mesh, use the show sticky mesh command.

show sticky mesh verbose—Displays detailed operating status information for the sticky mesh and for all GSS peers in the mesh.

Table 11-51 describes the fields in the show sticky mesh command output.

Table 11-51 Field Descriptions for show sticky mesh Command 

Field
Description

My GSS ID

Unique identifier of the local GSS node in the mesh.

Mesh ID

Unique identifier of the global sticky mesh.

Port

TCP port used by all GSS devices connected in the sticky mesh. This parameter is not user-configurable.

Remote GSS IP Address/Host Name

IP address or hostname of the GSS peer in the mesh.

Session ID

Unique identifier of the point-to-point connection between the local GSS node and the mesh peer.

State

State of the communication link between the local GSS node and the mesh peer. The possible states are as follows:

SESSION_STOP—Indicates that the session is dead.

SESSION_INIT—Indicates that the session is initializing.

SESSION_OPEN—Indicates that the connection to the peer has been made.

SESSION_AUTH—Indicates that authentication is occurring.

SESSION_UP—Indicates that the session is up.

SESSION_DOWN—Indicates that the session is down or failing.


Table 11-52 describes the fields in the show sticky mesh session command output.

Table 11-52 Field Descriptions for show sticky mesh session Command 

Field
Description

Session Information for GSS peer

Hostname of the GSS peer in the mesh.

Session ID

Unique identifier of the point-to-point connection between the local GSS node and the mesh peer.

RTT

Application-level round-trip time (RTT) between the local GSS node and the mesh peer. If the GSS has not yet made an RTT measurement, the GSS displays "--" in the field.

State

State of the communication link between the local GSS node and the mesh peer. The possible states are as follows:

SESSION_STOP—Indicates that the session is dead.

SESSION_INIT—Indicates that the session is initializing.

SESSION_OPEN—Indicates that the connection to the peer has been made.

SESSION_AUTH—Indicates that authentication is occurring.

SESSION_UP—Indicates that the session is up.

SESSION_DOWN—Indicates that the session is down or failing.

IP Address

IP address of the GSS peer.

GSS ID

Unique identifier of the GSS peer in the mesh.


Table 11-53 describes the fields in the show sticky mesh session verbose command output.

Table 11-53 Field Descriptions for show sticky mesh session verbose Command 

Field
Description

Session Information for GSS peer

Identifies the host name of the GSS peer in the mesh.

Session ID

Unique identifier of the point-to-point connection between the local GSS node and the mesh peer.

Session State

State of the communication link between the local GSS node and the mesh peer. The possible states are as follows:

SESSION_STOP—Indicates that the session is dead.

SESSION_INIT—Indicates that the session is initializing.

SESSION_OPEN—Indicates that the connection to the peer has been made.

SESSION_AUTH—Indicates that authentication is occurring.

SESSION_UP—Indicates that the session is up.

SESSION_DOWN—Indicates that the session is down or failing.

RTT

Application-level round-trip time (RTT) between the local GSS node and the mesh peer. If the GSS has not yet made an RTT measurement, the GSS displays "--" in the field.

Encrypt Type

Encryption method performed on the data packets. The method is one of the following:

md5hash—MD5-based hashing encryption method

none—No encryption

See the "Configuring the Global Sticky Mesh" section in Chapter 9, Configuring DNS Sticky, for details.

Authentication

Authentication method performed by the GSS peer to prevent unauthorized access. The method is one of the following:

challenge—Challenge Handshake Authentication Protocol (CHAP)

none—No secret string used for authentication

See the "Configuring the Global Sticky Mesh" section in Chapter 9, Configuring DNS Sticky, for details.

KalFreq

Time in seconds between sending keepalive messages from the local GSS node to this GSS peer. This parameter is not user-configurable.

Max FrameSize

Maximum frame size allowed for communication between GSS devices in the mesh. This parameter is not user configurable.

OptmlFrameSize

Optimal frame size for communication between GSS devices in the mesh. This parameter is not user configurable.

PrePend

Allocated header size in the buffer. The header size is always 8 bytes.

IP Address

IP address of the GSS peer in the mesh.

GSS ID

Unique identifier of the GSS peer in the mesh.

Connect from IP

Actual IP network address of the GSS peer in the mesh.

My Local Address Via Peer

IP address of the local GSS node as seen by the GSS peer.

Last Up Event

Day and time of the most recent Up event.

Last Down Event

Day and time of the most recent Down event.

FSM Events

Finite State Machine events as related to the Session State field.

STOP

Number of SESSION_STOP events.

INIT

Number of SESSION_INIT events.

OPEN

Number of SESSION_OPEN events.

AUTH

Number of SESSION_AUTH events.

UP

Number of SESSION_UP events.

DOWN

Number of SESSION_DOWN events.


Table 11-54 describes the fields in the show sticky mesh verbose command output.

Table 11-54 Field Descriptions for show sticky mesh verbose Command 

Field
Description

Mesh Information for application sticky

Status and statistics about the global sticky mesh.

My GSS ID

Unique identifier of the local GSS node in the mesh.

Mesh ID

Unique identifier of the global sticky mesh.

Port

TCP port used by all GSS devices connected in the sticky mesh. This parameter is not user configurable.

Encrypt Type

Encryption method performed on the data packets. The method is one of the following:

md5hash—MD5-based hashing encryption method

none—No encryption

See the "Configuring the Global Sticky Mesh" section in Chapter 9, Configuring DNS Sticky, for details.

Authentication

Authentication method performed by GSS peers to prevent unauthorized access. The method is one of the following:

challenge—Challenge Handshake Authentication Protocol (CHAP)

none—No secret string used for authentication

See the "Configuring the Global Sticky Mesh" section in Chapter 9, Configuring DNS Sticky, for details.

KalFreq

Time in seconds between sending keepalive messages to GSS peers. This parameter is not user configurable and always displays as "default".

MaxFrameSize

Maximum frame size allowed for communication between GSS devices in the mesh. This parameter is not user configurable.

OptmlFrameSize

Optimal frame size for communication between GSS devices in the mesh. This parameter is not user configurable.

Max Rate

Maximum rate that the local GSS node can transmit packets to GSS peers in the mesh.

Favored Peer

Favored GSS peer for the local GSS node, specified on the Global Sticky Configuration details page of the primary GSSM GUI. A favored peer enables you to force a faster synchronization of sticky database entries with a specific GSS peer upon reentry into the sticky mesh. If you did not specify a favored peer, the GSS displays "No Favored Peer configured."

Session Information for GSS peer

Status and statistics for a specific GSS peer in the mesh.

Session ID

Unique identifier of the point-to-point connection between the local GSS node and the mesh peer.

Session State

State of the communication link between the local GSS node and the mesh peer. The possible states are as follows:

SESSION_STOP—Indicates that the session is dead.

SESSION_INIT—Indicates that the session is initializing.

SESSION_OPEN—Indicates that the connection to the peer has been made.

SESSION_AUTH—Indicates that authentication is occurring.

SESSION_UP—Indicates that the session is up.

SESSION_DOWN—Indicates that the session is down or failing.

RTT

Application-level round-trip time (RTT) between the local GSS node and this GSS peer. If the GSS has not yet made an RTT measurement, the GSS displays "--" in the field.

Encrypt Type

Encryption method performed on the data packets. The method is one of the following:

md5hash—MD5-based hashing encryption method

none—No encryption

See the "Configuring the Global Sticky Mesh" section in Chapter 9, Configuring DNS Sticky, for details.

Authentication

Authentication method performed by GSS peers to prevent unauthorized access. The method is one of the following:

challenge—Challenge Handshake Authentication Protocol (CHAP)

none—No secret string used for authentication

See the "Configuring the Global Sticky Mesh" section in Chapter 9, Configuring DNS Sticky, for details.

KalFreq

Time in seconds between sending keepalive messages from the local GSS node to this GSS peer. This parameter is not user configurable.

Max FrameSize

Maximum frame size allowed for communication between GSS devices in the mesh. This parameter is not user configurable.

OptmlFrameSize

Optimal frame size for communication between GSS devices in the mesh. This parameter is not user configurable.

PrePend

Allocated header size in the buffer. The header size is always 8 bytes.

IP Address

IP address of the GSS peer in the mesh.

GSS ID

Unique identifier of the GSS peer in the mesh.

Connect from IP

Actual IP network address of the GSS peer in the mesh.

My Local Address Via Peer

IP address of the local GSS node as seen by the GSS peer.

Last Up Event

Day and time of the most recent Up event.

Last Down Event

Day and time of the most recent Down event.

FSM Events

Finite State Machine events as related to the Session State field.

STOP

Number of SESSION_STOP events.

INIT

Number of SESSION_INIT events.

OPEN

Number of SESSION_OPEN events.

AUTH

Number of SESSION_AUTH events.

UP

Number of SESSION_UP events.

DOWN

Number of SESSION_DOWN events.
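The fields in Tables 11-50 and 11-53 can be checked per peer for sessions that are not up, for mesh traffic running with Authentication or Encrypt Type set to none, and for peers whose messages are being dropped. The following Python sketch is an added example, not Cisco code: the records are keyed by the field names in the tables, the values and hostnames are constructed, the DOWN-event threshold is an assumption, and converting raw CLI text into these records is left out because this section does not show the layout of the mesh command output.

```python
"""Audit sticky-mesh peer records built from the show sticky mesh / show sticky global fields."""

# Session states listed in Table 11-53; only SESSION_UP means the link is working.
TRANSITIONAL_STATES = {"SESSION_INIT", "SESSION_OPEN", "SESSION_AUTH"}
FAILED_STATES = {"SESSION_STOP", "SESSION_DOWN"}

# "Last Status" values (Table 11-50) under which the peer's messages are not applied.
DROP_STATUSES = {"Version mismatch", "Clock out of sync", "Mask mismatch"}

SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


def audit_peer(rec, max_down_events=3):
    """Return (severity, peer, finding) tuples for one peer record."""
    findings = []
    peer = rec.get("Session Information for GSS peer", "<unknown>")

    state = rec.get("Session State", "")
    if state in FAILED_STATES:
        findings.append(("high", peer, f"session is {state}"))
    elif state in TRANSITIONAL_STATES:
        findings.append(("info", peer, f"session has not reached SESSION_UP ({state})"))
    elif state != "SESSION_UP":
        findings.append(("high", peer, f"unrecognised session state {state!r}"))

    # "none" means no secret string is used to authenticate mesh peers.
    auth = rec.get("Authentication", "").strip().lower()
    if auth != "challenge":
        findings.append(("high", peer, f"Authentication is {auth or 'missing'}, not challenge"))

    # "none" means the sticky data packets are sent without the md5hash method.
    enc = rec.get("Encrypt Type", "").strip().lower()
    if enc != "md5hash":
        findings.append(("high", peer, f"Encrypt Type is {enc or 'missing'}, not md5hash"))

    # A peer can show SESSION_UP and still have every update rejected.
    last_status = rec.get("Last Status", "Received OK")
    if last_status in DROP_STATUSES:
        findings.append(("high", peer, f"peer messages are not applied: {last_status}"))

    # Assumed threshold: many DOWN events point at an unstable link.
    down = int(rec.get("FSM Events", {}).get("DOWN", 0))
    if down > max_down_events:
        findings.append(("medium", peer, f"{down} SESSION_DOWN events recorded"))
    return findings


def audit_mesh(records, max_down_events=3):
    """Audit every peer and return findings ordered by severity, then peer name."""
    findings = []
    for rec in records:
        findings.extend(audit_peer(rec, max_down_events))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


# Constructed sample records (not captured from a real GSS).
SAMPLE_PEERS = [
    {"Session Information for GSS peer": "gss2.example.com",
     "Session State": "SESSION_UP", "Encrypt Type": "md5hash",
     "Authentication": "challenge", "Last Status": "Received OK",
     "FSM Events": {"UP": 1, "DOWN": 0}},
    {"Session Information for GSS peer": "gss3.example.com",
     "Session State": "SESSION_UP", "Encrypt Type": "none",
     "Authentication": "none", "Last Status": "Clock out of sync",
     "FSM Events": {"UP": 2, "DOWN": 1}},
    {"Session Information for GSS peer": "gss4.example.com",
     "Session State": "SESSION_DOWN", "Encrypt Type": "md5hash",
     "Authentication": "challenge", "Last Status": "Received OK",
     "FSM Events": {"UP": 9, "DOWN": 9}},
]

if __name__ == "__main__":
    for severity, peer, finding in audit_mesh(SAMPLE_PEERS):
        print(f"[{severity}] {peer}: {finding}")
```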


Displaying Sticky Group Configuration

You display a summary of all configured sticky groups by using the show sticky group-summary command.

Table 11-55 describes the fields in the show sticky group-summary command output.

Table 11-55 Field Descriptions for show sticky group-summary Command 

Field
Description

Name

Unique alphanumeric name of the DNS sticky group.

Address Blocks

IP address block of the sticky group, specified in dotted-decimal notation.


You display the configuration of a specific sticky group by using the show sticky group-name command.

The syntax of this command is as follows:

show sticky group-name groupname

Enter the exact name of a sticky group to display all sticky entries related to that group.

Table 11-56 describes the fields in the show sticky group-name command output.

Table 11-56 Field Descriptions for show sticky group-name Command 

Field
Description

Name

Unique alphanumeric name of the DNS sticky group.

Address Blocks

IP address block of the sticky group, specified in dotted-decimal notation.


Clearing GSS Global Server Load-Balancing Statistics

You reset global server load-balancing statistics for one or more of your GSS components by using the clear statistics command. Clearing the statistics for a GSS component erases all record of routing activity and performance for that device.

The syntax of the clear statistics command is as follows:

clear statistics {boomerang | ddos [all | attacks | drops | global] | dns | drpagent | keepalive {all | cra | http-head | https-head | icmp | kalap | ns | scripted-kal | tcp} | proximity | sticky {mesh}}

The keywords are as follows:

boomerang—Resets statistics that relate to the Boomerang server component of the GSS.

ddos—Resets statistics that relate to the DDoS detection and mitigation component of the GSS.

global—Resets global statistics for the GSS DDoS detection and mitigation component.

attacks—Resets attack statistics for the GSS DDoS detection and mitigation component.

dns—Resets statistics that relate to the DNS server component of the GSS, including proximity and sticky DNS rule statistics.

drpagent—Resets statistics that relate to the DRP agent component of the GSS.

keepalive—Resets statistics that relate to the keepalive function of the GSS software.

all—Resets statistics for all keepalive types maintained by the GSS.

cra—Resets statistics for only CRA-type keepalives maintained by the GSS.

http-head—Resets statistics for only the VIP HTTP-HEAD type keepalive maintained by the GSS.

https-head—Resets statistics for only the VIP HTTPS-HEAD type keepalive maintained by the GSS.

icmp—Resets statistics for only the VIP ICMP-type keepalive maintained by the GSS.

kalap—Resets statistics for only the VIP KAL-AP-type keepalive maintained by the GSS.

ns—Resets statistics for the Name Server-type keepalive maintained by the GSS.

scripted-kal—Resets statistics for the Scripted-Kal-type keepalive maintained by the GSS.

tcp—Resets statistics for the IP and port TCP-type keepalive maintained by the GSS.

proximity—Resets statistics for the network proximity function.

sticky—Resets statistics for the DNS sticky function.

mesh—Resets sticky global mesh and session statistics for the local GSS node of the mesh.

For example, enter:

gss1.yourdomain.com# clear statistics keepalive tcp
Are you sure? (yes/no) yes
tcp keepalive statistics cleared
 
   

or

gss1.yourdomain.com# clear statistics proximity
Are you sure? (yes/no) yes
proximity statistics cleared

Monitoring Global Load-Balancing Statistics from the Primary GSSM GUI

From the Monitoring tab of the primary GSSM GUI, you can monitor the status of global load balancing on your GSS network using a variety of functions that filter and condense GSS traffic and statistics. These statistics provide you with an overview of the online status of your resources (such as answers, keepalives, DNS rules, hosted domains, and source addresses). You can also monitor advanced traffic management functions, such as DNS sticky and network proximity, for the GSS network.

This section contains the following topics:

Monitoring Answer Status and Statistics

Monitoring DNS Rule Statistics

Monitoring Domain Hit Counts

Monitoring Global Statistics

Monitoring Source Address Statistics

Monitoring DDoS Statistics

Monitoring Traffic Management Statistics

Monitoring Answer Status and Statistics

The Answers section of the Monitoring tab displays statistics about the answer resources in your GSS network. Answer resources also include statistics about keepalive probes directed to the answer resource.

This section contains the following topics:

Monitoring Answer Hit Counts

Monitoring Answer Keepalive Statistics

Monitoring Answer Status

Monitoring Answer Hit Counts

The Answer Hit Counts list page displays statistics about the GSS answer resources and the number of times that user requests have been directed to each answer resource. Answer hit counts allow you to gauge how well your GSS resources respond to user requests.

To view the number of hits recorded by each answer, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Answers navigation link. The Answer Status list page appears displaying the following information:

Data displayed in the Answer Status list page may be delayed by up to 300 seconds.

3. Click the Answer Hit Counts navigation link (located in the Contents list). The Answer Hit Counts list page appears.

Table 11-57 describes the fields on the Answer Hit Counts list page.

Table 11-57 Field Descriptions for Answer Hit Counts List Page

Field
Description

Answer

IP address of the answer resource. You get either an IPv4 or an IPv6 address for VIP-type answers, and only an IPv4 address for NS- and CRA-type answers.

Name

Name assigned to the answer using the primary GSSM GUI.

Type

Resources to which the GSS resolves DNS requests. The answer types include VIP, CRA, or Name Server.

Location

GSS network location of the answer.

Name of the GSS or GSSM

Number of requests directed to the answer by each GSS device.


4. Click the column header of any of the displayed columns to sort your answers by a particular property.

Monitoring Answer Keepalive Statistics

The Answer Keepalive Statistics list page displays statistics about keepalive probes sent to the answer resource by each GSS in the network. For each answer configured on your GSS, the Answer Keepalive Statistics list page displays the number of keepalive probes directed to that answer by the primary and the standby GSSM as well as information about how that keepalive probe was handled. The Answer Keepalive Statistics list page also displays multiple keepalives if assigned for a single VIP answer.

You may discover that certain answers may be offline or have problems staying online if a large number of keepalive probes are rejected or encounter transition conditions. When you use a TCP keepalive with the fast detection and graceful termination methods to test a Telnet service on a server running Windows Server 2003, port 23 may fluctuate between the Up and Down state (port flapping). If port flapping occurs on TCP port 23 of Windows Server 2003, you will notice an increase in keepalive negative probe and keepalive transition counts on the Answer Keepalive Statistics list page of the primary GSSM GUI.

To resolve this issue, increase the retries value for the TCP keepalive. A retry value of 3 or 4 should prevent flapping on port 23 when connecting to a server running Windows Server 2003.

To view the keepalive statistics for each answer, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Answers navigation link.

3. Click the Answer KeepAlive Statistics navigation link (located in the Contents list). The Answer KeepAlive Statistics list page appears.

Table 11-58 describes the fields on the Answer KeepAlive Statistics list page.

Table 11-58 Field Descriptions for Answer Keepalive Statistics List Page 

Field
Description

Answer

IP address of the answer resource probed by the GSS.

Type

Resources to which the GSS resolves DNS requests. Answer types include VIP, CRA, or Name Server.

Name

Name assigned to the answer using the primary GSSM GUI.

Keepalive

Address assigned to the remote device, CRA, or name server to which the GSS is to forward requests.

Method

Keepalive method used by the answer: VIP (virtual IP address), NS (name server), or CRA (content routing agent).

Location

GSS network location of the answer.

Name of the GSS or GSSM

Number of keepalive probes directed to the answer by each GSS device and the record of how those probes were handled. Statistics are presented in the following order:

Keepalive packets sent—Total number of keepalive probes sent to the answer by each GSS on the network

Keepalive packets received—Total number of keepalive probes returned from the answer

Keepalive positive probe count—Total number of keepalive probes received by the GSS to which a positive (OK) response was returned

Keepalive negative probe count—Total number of keepalive probes received by the GSS to which a negative response was returned

Keepalive transition count—Total number of keepalive probe transitions (for example, from the INIT to the ONLINE state) experienced by the keepalive


4. Click the column header of any of the displayed columns to sort your answers by a particular property.
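The port-flapping pattern described earlier in this section (rising keepalive negative probe and transition counts) can be detected by comparing successive readings of the five per-device counters from Table 11-58. The following Python sketch is an added example, not Cisco code: the readings are constructed, and the transition threshold and the state labels are assumptions.

```python
"""Classify keepalive behaviour between polls of the Answer Keepalive Statistics counters."""
from collections import namedtuple

# The five per-device counters, in the order the list page presents them.
Counters = namedtuple("Counters", "sent received positive negative transitions")


def delta(prev, cur):
    """Counter increase between two polls; None if any counter went backwards."""
    diff = Counters(*(c - p for p, c in zip(prev, cur)))
    # Counters only shrink when the statistics were cleared (for example with
    # "clear statistics keepalive tcp") or otherwise restarted, so the interval
    # cannot be interpreted.
    return None if min(diff) < 0 else diff


def classify(prev, cur, flap_transitions=4):
    """Label one polling interval. flap_transitions is an assumed threshold."""
    d = delta(prev, cur)
    if d is None:
        return "reset"
    if d.sent == 0:
        return "idle"
    if d.negative > 0 and d.positive == 0:
        return "offline"      # every probe answered in this interval was negative
    if d.transitions >= flap_transitions and d.negative > 0:
        return "flapping"     # repeated Up/Down changes with mixed results
    if d.negative > 0:
        return "degraded"     # some negative probes, few state changes
    return "healthy"


def classify_series(polls, flap_transitions=4):
    """Label every interval in a chronological list of Counters readings."""
    return [classify(a, b, flap_transitions) for a, b in zip(polls, polls[1:])]


def needs_retry_review(polls, flap_transitions=4):
    """True if any interval flapped, the case where the retries value is raised."""
    return "flapping" in classify_series(polls, flap_transitions)


# Constructed readings for one answer as seen from one GSS device.
SAMPLE_POLLS = [
    Counters(100, 100, 100, 0, 1),
    Counters(130, 130, 130, 0, 1),   # steady
    Counters(160, 158, 145, 13, 9),  # 8 transitions in one interval
    Counters(190, 160, 145, 15, 10), # only negative probes
    Counters(10, 10, 10, 0, 1),      # counters restarted
    Counters(40, 40, 40, 0, 1),      # steady again
]

if __name__ == "__main__":
    for label in classify_series(SAMPLE_POLLS):
        print(label)
```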

Monitoring Answer Status

The Answer Status list page displays statistics about the GSS answer resources. Answers can be sorted by IP address, name, type, location, or online status according to a particular device.

To view the status of your GSS answers, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Answers navigation link.

3. Click the Answer Status navigation link (located in the Contents list). The Answer Status list page appears.

Table 11-59 describes the fields on the Answer Status list page.

Table 11-59 Field Descriptions for Answer Status List Page

Field
Description

Answer

IP address of the answer resource.

Name

Name assigned to the answer using the primary GSSM GUI.

Type

Resources to which the GSS resolves DNS requests. The answer types include VIP, CRA, or Name Server.

Location

GSS network location of the answer.

Name of the GSS or GSSM

Online status of the answer according to the named device.


4. Click the column header of any of the displayed columns to sort your answers by a particular property.

Monitoring DNS Rule Statistics

The DNS Rule Statistics list page displays statistics about the DNS rules, such as how many queries were processed by each DNS rule and how many of those processed queries were successfully matched with answers.

To view the status of your DNS rules, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the DNS Rules navigation link. The DNS Rule Statistics list page appears.

Table 11-60 describes the fields on the DNS Rule Statistics list page.

Table 11-60 Field Descriptions for DNS Rule Statistics List Page

Field
Description

Name

Name assigned to the answer using the primary GSSM.

Owner

GSS owner to whom the DNS rule has been assigned.

Name of the GSS or GSSM

Total hit count and successful hit count for the DNS rule from the listed GSS device. See the legend that appears below the listed DNS rules for information about identifying which value represents total hits and which value represents successful DNS requests served.


3. Click the column header of any of the displayed columns to sort your DNS rules by a particular property.

Monitoring Domain Hit Counts

The Domain Hit Counts list page displays statistics about the hosted domains that the GSS serves and information about how many queries were directed to each domain by each DNS rule. The domain hit counts function tracks the traffic directed to the individual domains, not GSS domain lists, which may include one or more domains.

To view the status of your hosted domains, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Domains navigation link. The Domain Hit Counts list page appears.

Table 11-61 describes the fields on the Domain Hit Counts list page.

Table 11-61 Field Descriptions for Domain Hit Counts List Page

Field
Description

Domain

DNS domains for which the GSS is responsible. These are the domains contained in your domain lists.

Name of the GSS or GSSM

Total number of requests for the listed domain from each GSS device.


3. Click the column header of any of the displayed columns to sort the listed domains by a particular property.

Monitoring Global Statistics

The Global Statistics list page displays statistics about the GSS network. Global statistics include the average number of DNS requests received by each GSS device, the keepalive probes sent to your answers, and the online status of each GSS device.

To view the status of your GSS network, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Global navigation link. The Global Statistics list page appears.

Table 11-62 describes the fields on the Global Statistics list page.

Table 11-62 Field Descriptions for Global Statistics List Page

Field
Description

GSS Status

Online status of each GSS device in your GSS network.

Unmatched DNS Queries

Total number of DNS queries received by each listed device for which no answer could be found.

DNS Queries/sec

Average number of DNS queries received, per second, by each listed GSS device.

Keepalive Probes/sec

Average number of keepalive probes received by each listed GSS device each second.


3. Click the column header of any of the displayed columns to sort the list by a particular property.

Monitoring Source Address Statistics

The Source Address Statistics list page displays statistics about the incoming requests received from each source address (the addresses that transmit DNS queries to a GSS). The source address hit counts feature tracks requests from individual address blocks, not from GSS source address lists, which may contain one or more address blocks.

To view the statistics for your source address lists, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Source Addresses navigation link. The Source Address Statistics list page appears.

Table 11-63 describes the fields on the Source Address Statistics list page.

Table 11-63 Field Descriptions for Source Address Statistics List Page

Field
Description

Source Address Block

Address or range of addresses that originate the DNS queries. Source address blocks make up GSS source address lists.

Name of the GSS or GSSM

Total number of requests received by the listed GSS device from each source address or address block.


3. Click the column header of any of the displayed columns to sort the listed source address blocks by a particular property.

Monitoring DDoS Statistics

The Monitor DDoS Statistics page displays selections that allow you to view DDoS global or attack statistics for each GSS in the network.

To view DDoS statistics, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the DDoS navigation link. The Monitor DDoS Statistics page appears with two submenu items, Global Stats and Attack Stats.

3. Click the Global Stats selection to view the DDoS Global Statistics.

Table 11-64 describes the fields on the Global Statistics list page.

Table 11-64 Field Descriptions for Global Statistics List Page 

Field
Description

Total packets received

Packets received and handled by the GSS. The Total packets received counter is the sum of the legitimate counter and the malicious counter.

Total packets dropped

Packets that were identified by the GSS DDoS protection and mitigation functions as part of an attack and dropped.

Total Anti-Spoofing triggered

The total number of packets that triggered the GSS DDoS protection anti-spoofing function.

Total Validated DNS requests

Total number of packets that were successfully dropped by the GSS DDoS protection anti-spoofing function.

Rate-limit drops

Packets that were identified by the GSS DDoS protection and mitigation rate-limiting functions as part of an attack and dropped. The rate limit is the maximum number of DNS requests the GSS can receive from the D-proxy per second.

Global Rate-limit drops

Packets that were identified by the GSS DDoS protection and mitigation global rate-limiting function as part of an attack and dropped.

Unknown dproxies drops

A D-proxy that has not been classified as spoofed or non-spoofed by the DDoS protection and mitigation function is unknown. The DDoS function starts anti-spoofing for an unknown D-proxy. If the number of packets from unknown D-proxies exceeds the specified rate limit, the unknown drops start.

Spoofed packet drops

Packets that were identified by the GSS DDoS protection and mitigation anti-spoofing functions as part of an attack and dropped.

Malformed packet drops

Packets that were identified by the GSS DDoS protection and mitigation functions as malformed and dropped.

Mitigation rules drops

Packets that were identified by the GSS DDoS protection and mitigation functions as violating mitigation rules and dropped.

Global domain name drops

Packets that were identified by the GSS DDoS protection and mitigation functions as a global domain name and dropped.

Ongoing anti-spoofing drops

Packets that were identified by the GSS DDoS protection and mitigation anti-spoofing functions as part of an ongoing attack and dropped.

DDoS Status

DDoS detection and mitigation module status on the GSS, either enabled or disabled.


4. Click the Attack Stats selection to view the DDoS Attack Statistics.

Table 11-65 Field Descriptions for Attack Statistics List Page

Field
Description

Total attacks

Total number of DNS attacks detected by the GSS.

Reflection attacks

Attack in which the IP address of the victim (i.e., the GSS) is spoofed and multiple DNS requests are sent to a DNS server or multiple DNS servers posing as the victim.

Malformed DNS packet attacks

Attack in which the GSS is flooded with malformed DNS packets.

Failed global domain attacks

Failed domain counter that provides a total of the DNS queries failing to match the global domain name.

Global rate-limit exceeded attacks

Attack in which the maximum number of DNS requests that the GSS receives from the D-proxy per second exceeds the global limit.

DDoS status

DDoS detection and mitigation module status on the GSS, either enabled or disabled.
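
An added example, not part of the Cisco guide: one way to turn the cumulative counters of Table 11-64 into a per-interval view that shows how much traffic was dropped between two polls and which drop counter grew most. It assumes the values were transcribed from the Global Stats page into dictionaries keyed by the table's field names; the snapshot values, the function names, and the 5 percent alert threshold are constructed for illustration.

```python
# Added example: interval view of the Table 11-64 DDoS Global Statistics counters.
# Field names come from the table; snapshot values and the threshold are constructed.

DROP_FIELDS = (
    "Rate-limit drops",
    "Global Rate-limit drops",
    "Unknown dproxies drops",
    "Spoofed packet drops",
    "Malformed packet drops",
    "Mitigation rules drops",
    "Global domain name drops",
    "Ongoing anti-spoofing drops",
)


def counter_delta(prev, curr):
    """Growth of a cumulative counter between two polls.

    A value that went backwards is treated as a cleared or restarted counter,
    so the current value is taken as the growth since the reset.
    """
    return curr if curr < prev else curr - prev


def summarize(prev, curr, drop_ratio_alert=0.05):
    """Compare two snapshots of one GSS and report what changed in between."""
    enabled = str(curr.get("DDoS Status", "")).lower() == "enabled"
    received = counter_delta(prev["Total packets received"], curr["Total packets received"])
    dropped = counter_delta(prev["Total packets dropped"], curr["Total packets dropped"])
    ratio = dropped / received if received else 0.0
    # Rank the per-cause drop counters by how much each grew in the interval.
    causes = {f: counter_delta(prev.get(f, 0), curr.get(f, 0)) for f in DROP_FIELDS}
    ranked = sorted(((f, n) for f, n in causes.items() if n > 0),
                    key=lambda item: item[1], reverse=True)
    return {
        "enabled": enabled,
        "received": received,
        "dropped": dropped,
        "drop_ratio": ratio,
        "top_causes": ranked,
        # Alert when the module is off or drops are a large share of the traffic.
        "alert": (not enabled) or ratio >= drop_ratio_alert,
    }


# Constructed snapshots, as if transcribed from the Global Stats page at two polls.
PREV = {
    "DDoS Status": "enabled",
    "Total packets received": 1_200_000, "Total packets dropped": 3_000,
    "Rate-limit drops": 1_000, "Unknown dproxies drops": 200,
    "Spoofed packet drops": 1_500, "Malformed packet drops": 300,
}
CURR = {
    "DDoS Status": "enabled",
    "Total packets received": 1_260_000, "Total packets dropped": 12_000,
    "Rate-limit drops": 2_200, "Unknown dproxies drops": 200,
    "Spoofed packet drops": 9_000, "Malformed packet drops": 600,
}

if __name__ == "__main__":
    report = summarize(PREV, CURR)
    print(f"received={report['received']} dropped={report['dropped']} "
          f"ratio={report['drop_ratio']:.1%} alert={report['alert']}")
    for field, growth in report["top_causes"]:
        print(f"  {field}: +{growth}")
```
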


Monitoring Traffic Management Statistics

The Traffic Mgmt section of the Monitoring tab displays global statistics about network proximity and DNS sticky operation in your GSS network. Network proximity statistics include information about the proximity DNS rule hit counts, statistics about the number of entries in the proximity database of each GSS device, and statistics about probing requests. Sticky statistics include information about the sticky DNS rule hit counts and statistics about the number of entries in the sticky database of each GSS device.

This section contains the following topics:

Monitoring Proximity Rule Hit Count Statistics

Monitoring Proximity Database Statistics

Monitoring Proximity Lookup Statistics

Monitoring Proximity Probe Management Statistics

Monitoring Sticky Rule Hit Statistics

Monitoring Sticky Database Statistics

Monitoring Global Sticky Mesh Statistics

Monitoring Proximity Rule Hit Count Statistics

The Proximity Rule Hit Count Statistics list page displays statistics about how many times a DNS rule provides an answer for a zone determined to be the most proximate. To view statistics about proximity hits for a DNS rule, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Traffic Mgmt navigation link.

3. Click the Proximity Rule Hit Counts navigation link (located in the Contents list). The Proximity Rule Hit Statistics list page appears.

Table 11-66 describes the fields on the Proximity Rule Hit Statistics list page.

Table 11-66 Field Descriptions for Proximity Rule Hit Statistics List Page 

Field
Description

Name

Name of the matched DNS rule.

Owner

GSS owner to whom the DNS rule has been assigned.

Name of the GSS or GSSM

For each GSS or GSSM, this field provides information about the number of:

DNS requests that match the DNS rule.

DNS responses that are successfully returned with a proximate answer for the DNS rule.

See the legend that appears below the listed DNS rules for information about identifying which value represents the proximity hit count and which value represents the number of successful matches.


Monitoring Proximity Database Statistics

The Proximity Database Statistics list page displays statistics about the number of entries in the proximity database and the number of entries dropped because the proximity database reached the maximum database limit of 500,000 entries.

To view the number of entries in the proximity database, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Traffic Mgmt navigation link.

3. Click the Proximity Database Stats navigation link (located in the Contents list). The Proximity Database Statistics list page appears.

Table 11-67 describes the fields on the Proximity Database Statistics list page.

Table 11-67 Field Descriptions for Proximity Database Statistics List Page

Field
Description

Global Site Selector

Name of the GSS or GSSM device.

Entries in Use

Number of entries currently in the proximity database, out of a maximum of 500,000 entries.

Last Cleanup

Last time the GSS removed the least recently used entries from the proximity database.

Number of Cleanups

Number of entries removed during the cleanup process.


Monitoring Proximity Lookup Statistics

The Proximity Lookup Statistics list page displays statistics about the number of entries in the proximity database.

To view the lookup statistics in the proximity database, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Traffic Mgmt navigation link.

3. Click the Proximity Lookup Stats navigation link (located in the Contents list). The Proximity Lookup Statistics list page appears.

Table 11-68 describes the fields on the Proximity Lookup Statistics list page.

Table 11-68 Field Descriptions for Proximity Lookup Statistics List Page

Field
Description

Global Site Selector

Name of the GSS or GSSM device.

Count

Total number of proximity lookup requests made to the GSS.

Crnt Rate

Current rate, in requests per second, at which requests are made to the GSS to perform a proximity lookup in the database.

No Entry

Number of times the GSS was unable to locate a proximate answer from the proximity database.

Partial Data

Number of times only round-trip time (RTT) data for a partial set of zones was available in the proximity database.

Req. Dropped

Number of proximity lookup queries dropped by the GSS.

Db Full

Number of times the GSS was unable to perform a proximity add because the database exceeded the maximum number of entries.


Monitoring Proximity Probe Management Statistics

The Proximity Probe Management Statistics list page displays statistics about the ICMP and TCP probes transmitted from the proximity probing agents.

To view statistics about the probing requests and responses, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Traffic Mgmt navigation link.

3. Click the Proximity Probe Mgmt Stats navigation link (located in the Contents list). The Proximity Probe Mgmt Statistics list page appears.

Table 11-69 describes the fields on the Proximity Probe Mgmt Statistics list page.

Table 11-69 Field Descriptions for Proximity Probe Mgmt Statistics List Page 

Field
Description

Zone Index

Numerical identifier of the proximity zone.

Zone Name

Name of the proximity zone.

Name of the GSS or GSSM

For each GSS or GSSM, this field provides information on the:

IP address of the probe device.

Total number of DRP echo and measurement packets sent by the GSS to the proximity probing agent in the proximity zone.

Total number of DRP echo and measurement packets received by the GSS from the proximity probing agent in the proximity zone.

Current packet send rate per second.

See the legend that appears below the listed zones for information about identifying which value represents sent echo and measurement packets, which value represents received echo and measurement packets, and which value represents the current packet send rate.


Monitoring Sticky Rule Hit Statistics

The Sticky Rule Hit Statistics list page displays statistics about how many times the GSS accesses a DNS rule and makes a best effort to provide identical A-record responses to the requesting client D-proxy.

To view statistics about sticky hits for a DNS rule, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Traffic Mgmt navigation link.

3. Click the Sticky Rule Stats navigation link (located in the Contents list). The Sticky Rule Hit Statistics list page appears.

Table 11-70 describes the fields on the Sticky Rule Hit Statistics list page.

Table 11-70 Field Descriptions for Sticky Rule Hit Statistics List Page 

Field
Description

Name

Name of the matched DNS rule.

Owner

GSS owner to whom the DNS rule has been assigned.

Name of the GSS or GSSM

For each GSS or GSSM:

The total number of successful sticky answer matches in the sticky database for the DNS rule.

The total number of failed sticky answer lookups in the sticky database for the DNS rule.

See the legend that appears below the listed DNS rules for information about identifying which value represents successful matches and which value represents failed lookups.


Monitoring Sticky Database Statistics

The Sticky Database Statistics list page displays statistics about the number of entries in the sticky database.

To view the number of entries in the sticky database, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Traffic Mgmt navigation link.

3. Click the Sticky Database Stats navigation link (located in the Contents list). The Sticky Database Statistics list page appears.

Table 11-71 describes the fields on the Sticky Database Statistics list page.

Table 11-71 Field Descriptions for Sticky Database Statistics List Page

Field
Description

Global Site Selector

Name of the GSS device (GSSM or GSS).

Status

Sticky status of the named device and sticky mode. Status conditions can include Disabled, Local, Global, and Stopped.

Entries in Use

Number of entries currently in the sticky database out of a maximum of 400,000 entries.


Monitoring Global Sticky Mesh Statistics

The Sticky Mesh Statistics list page displays the global mesh statistics for all GSS devices in the mesh. This list page identifies all of the GSS devices in the mesh in an X by Y matrix, with each cell displaying the device online status, packets received, packets sent, and any connection down events encountered between the nodes. The statistics appear from the local GSS node's view (X) of the session to each mesh peer (Y).

To display the global mesh statistics, perform the following steps:

1. From the primary GSSM GUI, click the Monitoring tab.

2. Click the Traffic Mgmt navigation link.

3. Click the Sticky Mesh Stats navigation link (located in the Contents list). The Sticky Mesh Statistics list page appears.

Table 11-72 describes the fields on the Sticky Mesh Statistics list page.

Table 11-72 Field Descriptions for Sticky Mesh Statistics List Page 

Field
Description

GSS/Peer

Name of the GSS device (GSSM or GSS) in the mesh along with its peers.

Name of the GSS or GSSM in the mesh

For each GSS peer in the mesh, each column lists the following statistics:

Connection to peer status—Online status of each peer in the mesh. The possible states are Stopped, Init, Opened, Authentication, Up, and Down.

Packets transmitted—Number of packets transmitted from the GSS or GSSM to each peer in the mesh.

Packets received—Number of packets received by the GSS or GSSM from each peer in the mesh.

Down Events—The number of down events encountered for the session between the peers in the mesh.

See the legend that appears below the listed peer GSS or GSSM in the mesh for information about identifying which statistic represents the online peer status, packets transmitted, packets received, and session down events.